Yes - same mechanism in action.
For MVC I didn't yet try this out with a Post, but as a simpler example of the same thing:
1. Select a menu action that has params - which will take you to the dialog.
2. Copy the URL from the browser.
3. Hide that action and re-run the app (the menu action is not now there)
4. Paste the copied URL into the browser and hit return. You should get an error. It's not necessarily a very helpful error message - but it does not need to be. This is not guarding against a casual user error. (And
in fact you don't want to confirm to this rogue user that the Hidden action even exists). N.B. This is all much more carefully defined in the RO spec - as to which type of error is returned - but the same mechanism is used for