Hold your breath: we appreciate that you are asking, and we will tell you in a minute. But before reading on, consider this: we never intended ARM to be the Swiss Army knife of authorization. It might well work in 80% of all cases and should get you up and running pretty fast on most of your projects, but we cannot guarantee fitness for any purpose. Hell, we don't even guarantee that ARM won't scan your computer's hard disk for credit card numbers and send them over the wire to us.
But for you trusting souls out there: this is the list of ARM's weaknesses that we are aware of (feel free to comment on it):
Well, for one, acts_as_rolemodel didn't spring into existence from a real-life project. Instead, it was designed before the fact. That is to say: acts_as_rolemodel is yet to be tested on a large-scale, industrial-grade project. If you are willing to help here, just ask us.
acts_as_rolemodel isn't tested against all databases supported by Rails. In fact, we test only against MySQL, PostgreSQL and SQLite (which is our primary target during development). As we don't do anything fancy at the database level, we expect no problems with other DBs, though.
While acts_as_rolemodel comes free as in beer and as in speech, it does come with strings attached: you must expect a certain degree of overhead. This overhead depends heavily on the structure of the data your application operates on: if your application is already at its limit, you might still prefer your homegrown, perfectly fitting authorization implementation. Please benchmark your application ARMed and unARMed. (Note: We do help you here, with the “arm.unarmed_when_testing” configuration option.)