Then don't use it.  We have a very open environment at the labs.  Lots
of non-critical stuff is in directories or files that anyone can muck with.
All systems stuff isn't.  There has to be an ability to create `trust everyone'
files and directories in such an environment.  If you want to hack your
file server to not allow it, that's why the source is open.

If you are arguing that its too easy to leak things if you leave anything
writable except by small interest groups, then you end up spending a lot
of time changing group membership.  Eventually, every group ends up
being way too inclusive.

You are right that, lacking proper protection modes, the catch all can
be too easily used in inappropriate ways (like for /mail/box).  I believe
that chopping off everyones hands to avoid anyone stealing is perhaps
not the best solution.  I think the boyd/geoff/rminnich/alii solution
to make the 'a' bit meaningful in directories is a good one.  The
trick is making it intuitive also so that people are less likely
to make mistakes.