There isn't a way to tweeze apart a files permissions, and what people are allowed to do with that same file. A quick example, if I set a file at 644, this means that:
The owner has read / write permisssions.
The owning group has read only permissions
Everyone else has read only permissions.
While it is true that this is safer (only the owner can execute), if your entire intent is to give the owning group execute permissions anyway, then ACL's aren't any safer than setting the file to 774, or 770 in the first place.
What ACL's do get you, is more granularity. So if you want to give the owner RWX, a group RWX, everyone else no permissions, but Bob and Sally needed read/write, you have the ability to do that by using the setfacl command. I recommended standard permisssions, because it sounded like a single group of people (and no one else) needed specific permissions, and that's exactly what standard permissions will get you.