Regarding
as more an more people use Drupal to provide non-traditional Webpages (e.g. providing services using Ajax, Flex, ...) our traditional access permission checks in hook_menu are less than ideal.
For example, you can use drupal_execute to conveniently create content or anything else. However, no check for access permissions is done since this only happens in the menu hook for node/add/whatever.
I therefore propose to push for D7 that the #access parameter on forms be made mandatory. Sometimes I want to be able to create content for a user behind the scenes but not allow them the ability to directly create the content. One of the strong points about Drupal is it makes a great framework that I can extend as developer. If you really push this through then I think the permission to create a content type should be separate from the ability to use the form to create that content.
Steve Ringwood