SharePoint Security in URL Redirection

Say there is a web called Comms, with a Document Library.  The Document Library has a folder called "Variable Accruals Report".

Users have access to this folder: "Variable Accruals Report", but not the web: Comms

So in this URL they get access denied if they try this url "http://local/IZ/Fin/Comms/default.aspx?RootFolder=%2fIZ%2fFin%2fComms%2fLibrary%2fVariable%20Accruals%20Report%2fFY%202010%20Q4%20Variable%20Accruals%20%2d%20Jun%202010%20%2d%20Aug%202010", because of the Comms/default.aspx?RootFolder bit.

As they land on this page, the page checks security and it believes no access.

But this one "http://local/IZ/Fin/Comms/Library/Forms/AllItems.aspx"will take them to the document library and show them the folders.

So the URLS show the same content, but because they get there via different address....