Hi @maillme!
You'd still be building your applications as you would be for internal use–– it's true that most of the net new customer-facing functionality you're seeing as part of this launch is on the Branding settings. I'm not sure if you're referring to these docs that walk through building a portal, but would love to understand what improvements we could make here (even if it's just adding more clarifying language)!
Ah looks like @bradlymathews beat me to your second question! 
Regarding security and making sure each user is able to see only their own data, we'd recommend leveraging Permission groups and referencing them in your applications (like so). At the data level, we've seen customers build in row-level security by using the permission group ID in queries as well.