Entity Permissions modify the FetchXml when retrieving data from the CRM. This often results in getting a 'Number of link entities in query exceeded maximum limit' exception when dealing with moderately sophisticated data models with multiple or nested relationships. Another situation where it is easier to encounter this error with simple data models is when the FetchXml is added to filters already present in a CRM view that controls what data is retrieved.
Suggesting that a data model should be simplified is not an acceptable answer - data models do get complex for completely legitimate reasons, and changing the data model as a workaround becomes a very costly and complex effort of its own.
As potential solutions, I would propose that the "link-entity" xml elements added via Entity Permissions should either be excluded from the limit that CRM enforces, or the Entity Permissions implementation should be changed to operate at a different layer (think how the OSI model sets boundaries between layers of concerns, or the regular CRM business unit security model that works transparently behind the scenes in all queries) so that this exception NEVER happens.
Thank you for your feedback. We are considering moving the permission model out of the portal and back into the CRM server itself, eliminating the need for linked entities in your query specifically for security assertions. That said, one technique you can use in the meantime is to tie permissions to a web role and that will reduce some of the linked entities in your queries. Examine the security permissions in the partner portal for examples.