Depends on who controls the capability granting. Which at the end of the day feels a lot like ACL just with functionality based controls instead of file based (with some functional bits bolted on the side).
It's not just like ACLs, though. An ACL is like permissions into a vault.
Capabilities are like taking a $10 bill out of your wallet to pay for a coffee, the most you can lose is the capability ($10 bill) you deployed in the transaction, you can't somehow lose your entire bank balance.
Another analogy is that of a circuit breaker. No matter what, it protects the wires in your house from overcurrent. You never have to worry about accidentally taking down the power grid when you plug in a toaster.
