I’ve been able to work around this a bit.
I believe what you’ll want to do is have a model for your record types, so if it’s Account, call it something like AccountRecordTypes, then your SObject is RecordType.
You can then set a condition on this model Sobject = Account (or whatever object you’re using) so it only pulls in record types related to that object.
This model query on RecordTypes should respect the security rules, so in theory you would only get record types that the user has access to. You could test this by building a table of your record type model, then logging in as the user you want to test and seeing what they can see.
If it’s working right, then on the field in a field editor or table where someone is choosing record types, you can set a lookup filter so that it only shows records from your AccountRecordTypes model.
Let me know if that helps, and if not I’ll take a closer look at what I’ve got and post some screenshots/more details
