We run into quite some issues with security – this is due to our solution. Our task based security solution needs to update files/folder (noderefs) from user X while the system (the workflow task) is currently assigned to user Y.
This construction helped us somewhat;
String test = AuthenticationUtil.runAs(new RunAsWork<String>() {
public String doWork() throws Exception {
…. do some stuff ….
} // end public doWork
}, AuthenticationUtil.getSystemUserName());
But now I also found this blog – this also helps me with current sys user settings.