Forum OpenACS Development: Re: Best Practices for permissions, straw man

Posted by Dave Bauer on
Joel,

I would change it like so:

# For functions that display records or lists of records, test for the "read" privilege.
# For functions that create records, test for the "create" privilege.
# For functions that alter or delete records check for the "write" privilege. (is there also a delete privilege?)
# For functions that grant permissions to other people, check for the "admin" privilege.

Packages should be explicitly setting permissions on objects. Some packages assign The Public or Registered Users permissions by default. For example, file-storage grants write to Registered Users by default. This could lead to unexpected behavior if a package is mounted under a subsite. It probably should at least default to the application group of the closest subsite (which is equivalent to Registered Users for the Main Subsite, I believe).

Packages should be checking for read permission on individual objects. I don't think there is a performance penalty for displaying a reasonable list of objects generated in a single query.

A problem is shown in the search package, which effectively runs a permission query for every object, which is not efficient enough to use even on a small site.
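The pattern Dave describes, as an added example that is not part of the post and not OpenACS's own package code: one Tcl library file for a hypothetical "notes" package that maps each kind of operation to the privilege it should require, filters a list by per-object read permission inside the single query instead of looping over rows, and grants the default privilege to the closest subsite's application group rather than to Registered Users. It assumes the OpenACS Tcl API (`ad_proc`, `permission::require_permission`, `permission::grant`, `db_list_of_lists`, `ad_conn`), the PostgreSQL function `acs_permission__permission_p(object_id, party_id, privilege)`, and `application_group::group_id_from_package_id`; the `notes` table, its columns, and every `notes_example::` proc are invented for illustration.

```tcl
# Added example (not from the post, not OpenACS package code).
# Hypothetical package "notes"; table notes(note_id, package_id, title) is invented.

namespace eval notes_example {}

ad_proc -private notes_example::show { note_id } {
    Display one record: caller must hold "read" on that object.
} {
    permission::require_permission -object_id $note_id -privilege read
    return [db_string note_title {
        select title from notes where note_id = :note_id
    }]
}

ad_proc -private notes_example::new { title } {
    Create a record: "create" is checked on the package instance (the
    container), because the new object does not exist yet.
} {
    set package_id [ad_conn package_id]
    permission::require_permission -object_id $package_id -privilege create
    # ... insert the row; object creation itself is omitted here
}

ad_proc -private notes_example::edit { note_id title } {
    Alter a record: "write" on the object being changed.
} {
    permission::require_permission -object_id $note_id -privilege write
    db_dml update_note {
        update notes set title = :title where note_id = :note_id
    }
}

ad_proc -private notes_example::delete { note_id } {
    Delete a record: the post treats delete under "write" (there is also a
    separate "delete" privilege in the hierarchy; require whichever the
    package documents).
} {
    permission::require_permission -object_id $note_id -privilege write
    db_dml delete_note { delete from notes where note_id = :note_id }
}

ad_proc -private notes_example::share { note_id party_id privilege } {
    Grant a privilege to someone else: only an "admin" on the object may
    change who can access it.
} {
    permission::require_permission -object_id $note_id -privilege admin
    permission::grant -party_id $party_id -object_id $note_id \
        -privilege $privilege
}

ad_proc -private notes_example::list_readable { package_id } {
    List records the current user may read. The permission test runs
    inside the one listing query, so there is no per-row round trip
    (the per-object loop the post criticizes in the search package).
} {
    set user_id [ad_conn user_id]
    return [db_list_of_lists readable_notes {
        select n.note_id, n.title
          from notes n
         where n.package_id = :package_id
           and acs_permission__permission_p(n.note_id, :user_id, 'read')
         order by n.title
    }]
}

ad_proc -private notes_example::grant_default { package_id } {
    Default permission on a new package instance: grant to the application
    group of the closest subsite instead of to Registered Users, so a mount
    under a subsite does not open the instance to every registered user.
    (application_group::group_id_from_package_id is assumed here.)
} {
    set subsite_id [ad_conn subsite_id]
    set group_id [application_group::group_id_from_package_id \
                      -package_id $subsite_id]
    permission::grant -party_id $group_id -object_id $package_id \
        -privilege read
}
```

The listing proc is where the performance point lives: `acs_permission__permission_p` is evaluated by the database per row of the already-filtered result set, which is the "single query" Dave says is reasonable, whereas calling `permission::permission_p` from Tcl for each returned row multiplies the database round trips by the list length.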