filtering and grouping should accomplish  this

Filtering & Grouping doesn't make it so that I can't look at another users  submissions -- if I know the url. It can be used to obfuscate what's available, but it's not secure. We've thought of adding functionality into the form  so that it would only display the field data if the person opening the form is also the author of the form, or in a management role, but it's not secure either as another user could still just download the xml file and read through it without using InfoPath. I need something like the item-level security  options that list  have.

i like to tell my clients - 'fast', 'cheap' and 'easy'... you only get 2

Fast, easy - this app looks like it does that, http://www.spstools.net/
cheap, fast - msd2d.com/.../SharePoint_Document_Security_RMS.htm
cheap, easy - or, the poor mans way (most users  arent smart enough), delete all
the views in the default except the "my forms" one, or set a filter up, then on
the managers just add the views for them that group it up all nice and neat.

Your post remembers me of what I used to tell clients when I was consulting: I could do it fast, cheap or right, but I could only do two out of the three.

Thank you for your suggestions, but I'm also looking for others. I've looked at these scenarios, but neither will really work, and I don't consider the last option to be secure enough..

The first option requires that the person submitting the form  sets the permissions for that submission after it is submitted to SharePoint - Most users  are not "smart enough" to go through that process.

The second option doesn't work with InfoPath forms  (or at least that's what I'm led to believe) because the data of the form can be downloaded by itself as an XML document and can be easily read with a text editor.

One Document Library per person with a roll-up Web Part on a secure page
for managers?

This would work, except that we're talking about 3000 users  for currently about 400 forms. We've considered creating separate department libraries, and rolling them together into a view, which may work in many situations, but some of the forms  will need personal security.

Right now the only solution we can think of would be an event trigger when the user submits the form, and move the form  into a protected library, but then we loose the ability for the user to track the status of the form request - which defeats the purpose of having the Form library  in the beginning.

BTW.. Fabrikam has some good examples using scenarios like this, and give away some free components like SharePoint Routing for simple workflows and a free multi-library list view  webpart, but none of the examples provide this level of security  without removing SharePoint from the scenario and using BizTalk and SQL for everything, which is a lot of development work for as many forms as we want to convert..
msdn.microsoft.com/.../

I had another thought.

What if you don't give the users  direct access to the document library
(hereafter called the repository library). All end users would upload
files into the repository library  using any of a myriad of techniques:
1. Mail-enable the repository library, 2. Implement a staging library
where end users upload their documents and an event sink transfers them
to the repository library, 3. Implement a custom ASP.NET page
specifically designed to upload docs into the repository library. 4.
Create a fat client for interacting with the repository library, 5. Does
Groove have this functionality?, 6. Etc.

Include metadata about the documents in the list  either with the
documents or perhaps in a companion list. Then, have a single custom Web
Part Page that everyone uses to interact with the repository library. It
has a custom Web Part that presents only the documents that the user
should be allowed to have access to.

I happen to be working on the same issue. There really hasn’t proven to be a good solution at this point. I really hope that there is more document level security  in the next version.

I will keep you posted on what I find.