We have a short workflow where all editors have the same privileges for productivity purposes. Once a job is assigned to an editor the workflow will allow to create it's version, do the required edits, post, cleanup the version and close the job. There are no QC steps. Because of that any editor can edit the default version whenever he/she wants using WMX or not since the version must be public. Otherwise post will fail due to privileges missing if Default is protected. I've always saw this as a security concern. Since early days using previous versions of WMX users needed to be configured as SDE in WMX/JTX Administrator to be allowed to post in the workflow but again, once the application opened users were able to change versions to Default and edit.
If steps could be configured in the workflow to run as another user this could provide a way to better protect the Default version. A "post" step set to run automatically as the SDE or version administrator will allow the editors to just edit child versions without access to directly update Default.