The linked post is a (rather low-level) way of dealing with restricted visibility. What you can always do is use the Surf Extension module system to differentiate visibility of metadata via configuration, since Surf Extension modules can be deployed / activated specifically based on the groups of which the current user is a member. Using Surf Extension modules, you can define one module with a metadata form configuration that applies to all groups, and a second module with an "add-on" form configuration that only applies to a specific group of privileged users. Alfresco Share merges form configurations at runtime from all the valid sources (static global config as well as extension modules) to build an effective config based on the current user.
In one customer project e.g. I have the following config for something similar: