.. what prevents them from trying to edit the site directly?
I mean if I give FTP or local network access to my user it
doesn't really matter what type of key I send him
(publisher/writer) or what permissions I choose for his role since
he can make any changes he like over FTP or local network with a
text editor. I wouldn't even notice it!
Wouldn't it be better for Contribute to publish all drafts
(pages+images+documents+...) in a subfolder of the site where user
would have explicit write access, but they would have read-only for
the rest site.
It is a same for such a nice product to have such an achilles