Modern template engines for PHP (say, Dwoo or Smarty) can use objects as variables. You can use {$obj->method()}, which is really convenient, and I am using this a lot. But there is a clear security problem with directly exporting objects from an ORM, which have methods such as insert, delete, etc. Is there any sane method to expose only part of the methods to the template engine? I was thinking of a wrapper exposing only whitelisted methods:
$aTplVars = array (new TplWrapper(new User($nUserId), array('getAccount','getStatus')));
What do you think (there is a clear performance overhead)? Or maybe something like this already exists in some template engines for PHP?