It's not "secure" and it's not "enforced", at least not in the strict senses of those words. It's a protection against accidents and carelessness, sensitive information being reply-all'd around in long threads that people aren't reading anymore, the accidental forward to an external party.
Many organisations for whom this is an attractive feature, have long had policies around emailing sensitive information, instead links are emailed, and securing access to the information is handled by the application. If the link is forwarded to the wrong person, all they can see is a login screen.
Many organisations for whom this is an attractive feature, have long had policies around emailing sensitive information, instead links are emailed, and securing access to the information is handled by the application. If the link is forwarded to the wrong person, all they can see is a login screen.