Currently, MongoSecurityException is used to wrap all exceptions that are caused by the authentication activity. It is possible (yet, unclear) that this was not the original intent behind the introduction of MongoSecurityException. We need to decide whether we want to change what exceptions and when are thrown by the authentication activity, and potentially, refactor authenticators accordingly. See also this discussion.

Based on a brief talk with boris.dogadov, my understanding is that in C# the situation regarding their counterpart of MongoSecurityException is similar to what we have.