Is there a reason why I shouldn't use authenticated and cmsadmins as the 2 roles to setup my web.config locations?
It seems like a fast and elegant way to split up the users in cms and cms/admin groups. After that I can finetune access to parts of the tree with other groups. Since all the other groups will autmoatically be authenticated I don't have to add them to the web.config all the time and I don't have to use the WebEditors group as a group someone always has to be in to gain access.
What happens when the customer wants a secret page and removes the Everyone group and then crates a new group with accounts? They all gain access to edit mode, not good!
Use CmsEditors and CmsAdmins at least.