N to N relationships do not have their own security, it adopts the security of the entity it is built on.

This complicates the ability to use N to N relationships effectively. For example, there are many record types that can be appended to an Account record. To prevent a N to N record from being created by a user, we need to take away the append permission which prevents them from creating records for the Account record they should have permission to.

Suggestion is to provide way to give N:N relationships their own security permissions that can be assigned to users for legitimate use of the N:N.