Thilo is right - "Strict Exclusion" is used exactly to avoid this situation. If it doesn't work, it maybe either something's not quite right with your section access to section application relations,, or some new bug. Speaking of a bug - what QV version you're using? Did you try another version?
Strict Exclusion was working in 7.x for sure, and it works in 8.50 too. Can't tell about 8.20. If it's a bug in 8.20, don't expect QlikTech to go back and fix it. But the chances are that your security model is not clean. If you can try you app with another version, you can at least find out if it's 8.20 issue or the design problem.