Authetnicated users can edit form, regardless of webform permissions

Scratch that, I don't think they should be able to even see the "edit" tab unless I select that they can edit webforms. Users with absolutely no webform permissions should not be able to do anything but view a webform.

Yes, the "authetnicated user" had been granted the "administer nodes" permission.

This seems like a huge design flaw. I can enable or disable the editing or deleting of other types of nodes (e.g. Page, Story), even though those users have "administer nodes" permissions. This allows me to grant edit access to certain areas of the site, but not others. For example, I might want to allow one person to post in the blog, and another person to update our links page. But, just because I give a user one type of edit access does not mean that they should have free access to everything!
I don't want to share webforms access because I don't want my contributors to break them, plain and simple. This interface is a bit complicated, and beyond that, the other contributors have no reason to be editing web forms. Usually you only give access on an as-needed basis, but the way permissions are set up for webforms seems to contradict this.

It's a really neat module, but this is a huge concern for people running websites with multiple contributors.

Furthermore, the permissions we're presented with are confusing if it all comes down to "administer nodes."
Why present the option "user can edit webforms" or "user can delete webforms" when unchecking them does not prevent that user from doing these things?
If I have "administer nodes" enabled, the user can edit webforms regardless of what settings I give to the webforms-specific permission. If I have "administer nodes" disabled, the user can't edit the webforms at all; it's pointless.