Important to know if you use an impersonation step in a workflow, and you change the rights of the user that has published the workflow, the workflow will start failing to execute his code. Last week we cleaned up some user accounts of employees that din't work any more in the company and suddenly we remarked that certain workflows were not working any more. The workflow impersonates the "Author" from a SharePoint point of view for that step. So if she somehow looses her rights if'll fail. The reason I'm putting "Author" in quotes is that in my option it's a wrong term, because in fact it's the last publisher's identity which is used. So if the workflow fails due to the "Author" loosing the rights any user with sufficient rights can go in and publish the workflow and it'll start working again. In fact you can do this as a general rule and have some "service account" which is used to publish all workflows so they'll run with the permissions of that account which should then not be a real person.