We had run into an issue with a workflow where my colleague Ben Walters and other site owners could submit a form and the workflow happily triggered off but not for users with lesser security privileges and that made me investigate the issue.

It turns out that SharePoint Designer based or declarative workflows actually run via impersonating the logged in users credentials. While code based workflows run under the system account context.  Also something to note around this topic is that with WSS\MOSS SP1 changes have been made to the workflow initiation process. The ‘System Account’ can no longer automatically initiate a workflow (although it one can manually initiate the workflow using the System Account credentials).