Restrict user access to records based on project
This sounds like a great addition to me. Maybe on the project have a tab similar to the issues tabs that you can add users to. Then if you don't have the permission to see all projects, you can only see the ones that you are associated with. This would also be a great feature for the eventual web access.
And another thing. When viewing the user, there could be a tab that lists what projects that user owns/can view.