At first glance both have similar security models, but on closer exampination they are significantly different. Both use Pincipals, Permissions and Roles. Both acquire permissions from the parents. But that is where they diverge. Zope 2 has permissions on funcions. Every funciton could be given a security declaration. Zopache and Grok have security on views. Every view can require a permission. Both Zope 2 and Grok have permissions that are independent of the data. Permissions only depend on the tree. In Zopache, permissions depend on the data. If the hiring manager so chooses, only German candidates can see the job.
The implementatino of security also differs. In Zope 2, every object has a permissions view. It was a big, often a huge table. In Zopache, you drop a permssion object in a folder. You call it the name of the permission. Permissions are then aquuired from the parents, or ZClass. It is an easy way for end users to control access to their information.
Both are based on the ZODB. Zope 2 hid the fact that ZODB is a graph database. Zopache embrasses graphs, choice lists can be from another branch of the tree. You can even have choice tree lists!
Zope 2's acquisition was a bit promiscuous. In a single HTTP request, you could walk down multiple branches of the tree and acquire anything you want. Maybe this was as security hole. Certainly it made debugging more difficult. Zopache just allows you to walk down one branch of the tree. You can acquire Templates and images from the ZClass or Parent Class. Much easier to understand and debug.
Both have a model of ZClasses. The Zope 2 model was a bit restricted. You could not change the parent class of a ZClass. And there were no instance or class variables, just rather odd property sheets. Zopache ZClasses have proper class and instance variables. Zopache supports multiple inheritance.
Zope 2 is older and more mature. It has rich libraries of add ons. Some of which conflict with each other. Zopache has much richer objects, but way fewer of them.
Zopache employs performance enhancements . You can load a whole branch of the tree in a single disk access.
Zope 2 was open source software. You had to be a Unix geek to install and run it. Zopache is hosted software. Easy for anyone to use.
Zope 2 supported python scripts, which were a huge security hole. Zopache will be supporting a secure, ininite loop resistant templating language and ZTK spacesuits to provde a secure but productive environment.
Zopache is built on top of Grok and ZTK. Great Technology. I can do whatever I need to do with them. It is easy to turn Zopache into a JSON database. It is easy to add new content objects. Zope 2 TTW was a bit limiting.