The second evaluation criteria is, "Will the proposed pilot evaluate relevant security risks?"
I don't see anything in this design document about security risks. I see descriptions of specific features, but no explanation of the risks they address or attempt to address. The word "risk" is not present. In general, I am unaware of ANY documentation XSEDE has produced that enumerates the security risks XSEDE is managing, and I believe this is a significant problem. This makes pilots like these challenging because they lack any context for their evaluation.