Thank you for your contribution Maarten Troonbeeckx!
I agree that you need to figure out if a global scope is a smart approach in every specific use case. That is what this article is all about, actually.
For security, I really understand why global scopes are used. In larger teams, the authentication cannot be overseen in a PR now, so we're secure by default. In a healthy development process (write tests, etc.) the developer sees that he needs to use the "withoutGlobalScopes" during development, so this should not be a problem at all. But this triggers the developer to think about the security, and that is a good thing. In a PR, the reviewer will also be triggered when he sees the "withoutGlobalScopes" and makes this an area of interest to focus on in the review.
But of course, every specific use case has different needs and every team has its own preferences.