Thanks Otto.
Why do you want to avoid BDC? Honestly, I like when coders include CALL TRANSACTION statements and use BDC, because in these cases our security work is clear - we simply look at the called transaction in SU24 to see its associated auth objects (the ones with proposal=Yes), trace the custom Tcode, then determine which of the auth objects from the called SAP transaction were checked when the custom TCode was run, then we associate those auths with the custom TCode in SU24. That is so much easier than getting into discussions with coders about "which fields do you use in the program" and "let's search SU21 together and find a suitable auth check", etc. But I typically see the CALL TRANSACTION statements used together with BDC. What issues are there with using BDC calls in code?