JEM is included in am area whose access is controlled by an ACL. If the user clicks on the link and they are NOT logged into the site, they get a 404 error message. If they are logged in, they get to the event no problems.
Sounds like a good idea to me.
Here is some information if someone want to take it further
I think a change to the event model will be required to check if error is caused by insufficient user permissions and then redirect to login page instead of throwing exception and 404 page.
That should work for most cases. Only one small issue I can see: $data can be empty due to user permissions or simply because event does not exist. If you direct user to login with redirect to the same non-existing event you may never get the actual 404. Solution: test if the user is already logged on before sending them to login page - if user is already logged on show the 404 error. To test create a URL with not existing event id.