[eluser]Damien K.[/eluser]
My apologies. When I said "You should not", I meant to say "My preference is to not". Every web application is different and decisions made are a result of many factors, including non-technical factors such as organization culture. I respect decisions made by others.
I have a preference for n-tier architecture and separation of concerns. Hooks is one way to achieve this, hence why I am leaning towards it as an implementation. It is less invasive and I like the flexibility to swap out my authentication system for a single-sign-on system in the future, or to handle it through other means such as .htaccess. Furthermore, I rather not have my controllers to determine whether it is public/private -- that is outside of their role for my applications.
I would have to say that I disagree with n-tier architecture (which is the case here) adding more maintenance nightmare or compromise readability. There is a trend heading towards Inversion of Control (IoC) (think Dependency Injection) and Aspect-Oriented Programming (AOP), which I am not an advocate of because if not done right can really make one go "huh".
I appreciate all the different approaches in solving any one problem. It is always a good read. There's no real right way or wrong way in solving a general problem in the software industry.