After turning on Seam's EntitySecurityListener, the follow exception occurs when working with a @Restrict-annotated entity from a MDB.
java.lang.IllegalStateException: No active session context
There obviously isn't a session context in this case.
Seam probably shouldn't check security permissions when there is no active session context. As well it would be useful to be able to programatically turn off security on a per-Identity basis. Please see the referenced Forum link for more details.