I'm with Cunningham for a few reasons. I don't like adding things to system databases, especially when they could cause issues with MS upgrades/patches. I wouldn't expect new schemas, but you never know.

Second, I want to be able to easily recover this db if I need to and this info, as well as xfer this to other systems if the need arose. Having a separate db makes sense.

You can still use roles and apply permissions as needed. I'd create the roles and apply permissions as needed inside of another db. You can still create separate schemas there that the roles have rights to work within.