Currently, if one wants to use ArcGIS Server to deploy both a secured service for editing and a public service to view the same data, they need to publish two separate services. One service, for editing, creates two endpoints: (MapServer and FeatureServer). When this service is secured, it applies the security to both the MapServer and FeatureServer. To create a public facing service, one needs to publish a second service with only the MapServer enabled. As a result, they end up with an unneeded MapServer endpoint and must maintain two separate services.
While there are times when the multiple service approach is appropriate, many times a separate service configuration for editing is unneessary.
I propose allowing security to be enabled on only the FeatureServer endpoint, removing the requirement to maintain two separate services for this workflow.