In prototype/demo you don't have to configure the entity access. Which is only available for demo purposes. Configuring entity access while doing a quick (impressive) demo, isn't really coming across quite well.
When developing an app which will end up in production. Always model with production security enabled.
To be clear: these levels have NOTHING to do with licenced or non licensed apps. A non-licensed app running in a free cloud has it limitations, but should have production security enabled as well. Unless it is play around app. Play around != unlicensed.
These are application level security .
1.Prototype/demo Security is applied to signing in, forms, and microflows. where Users can access all data. Administrator and anonymous access, user roles, security for forms and microflows.
2.This level is used when demoing the development and app directly to a customer.
Production or Full security is applied. Administrator and anonymous access, user roles, security for forms, microflows, entities, and reports.