Consider a situation when a field (we'll call it Field_A) is a part of a field security profile. A user who doesn't have access to update/create Field_A and only has read access is filling out the form which contains this field. The user selects a value in another field (we'll call it Field_B) which makes Field_A visible and required (this behavior can be controlled either by a business rule or javascript code). So the Field_A becomes required but the user cannot update it since it's disabled on the form. You would think that the user won't be able to save it but you would be wrong. The record can be saved while some of the required data is missing! What if there are more fields on the form just like Field_A?

What's more, if another user who just happens to have full access to Field_A (update/create/read) is doing the same exact thing as the first user while purposely leaving Field_A blank (it is enabled on the form for this user) and tries to save the record, CRM will block this user from saving it because required data is missing. So in essence, a user with more security privileges cannot do what another user with less security privileges has just done.

From what I see, it is a violation of CRM security model which creates a loophole where required fields can be left blank.