Originally I was going to report this as bug, but then I got to thinking I might be misunderstanding the context it was written in or the item itself.
NEWS.Debian offers advice from 2009 that promotes having a user in the lp group to access the full functionality of hplip. I haven't looked at the behaviour of each of the four facilities listed but printing and scanning do not appear to be affected by a user not being in this group. However, events have moved on. A user being in the lp group allowed (and still allows) another user's job files to be read. Now it will give read access to cupsd.conf and the PPD files, which undos the work done to make CUPS more secure. Am I missing something? Regards, Brian.