Is it the case that the current replication mechanism attempts to replicate the entire model/table (all instances)? If so, how would one replicate only "owned" instances, or instances otherwise allowed by ACL?
For example, a browser application might want to only replicate instances of a "Project" model which are owned (or otherwise allowed) by the currently logged in user. Currently attempts to replicate ala:
```
LocalModel.replicate(RemoteModel, function (){
RemoteModel.replicate(LocalModel, function (){
});
});
```
will 401 unless the user (or $everyone) has read/write access to the entire Model.
Maybe I'm misunderstanding the current implementation?