Consider the user-switching story in reverse. A malicious user leaves a process running; now switch users to your good self and start your VPN. The previous user's still-running process can now take advantage of the connections you've just enabled.
NetworkManager's connection permissions protect against interactive use of another user's connections, and hence are useful if users only invoke tasks when sitting in front of the computer. However, they shouldn't be considered particularly secure against deliberate attacks.
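
A check for the leftover-process case described above, as an added example that is not part of the original text: before bringing the VPN up, list processes owned by other login users. The function names, the `check` argument and the `MIN_UID` cutoff of 1000 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: find processes left running by other login users
# before you activate a connection they could also route through.

# Assumption: human accounts start at UID 1000 (common distro default);
# lower UIDs are treated as system accounts and ignored.
MIN_UID=${MIN_UID:-1000}

# Constructed sample in "uid pid command" form, for offline testing.
SAMPLE='0 1 systemd
110 640 avahi-daemon
1000 2101 bash
1001 1988 sleep
1001 1990 ssh'

# Read "uid pid command" lines on stdin and print those owned by a
# login user other than $1 (your own UID).
foreign_procs() {
    awk -v me="$1" -v min="$MIN_UID" \
        '$1 ~ /^[0-9]+$/ && $1 >= min && $1 != me { print }'
}

# Live process table in the same three-column format.
snapshot() {
    ps -eo uid=,pid=,comm=
}

# Run as: ./script check   (exit status 1 if anything is found)
if [ "${1:-}" = "check" ]; then
    found=$(snapshot | foreign_procs "$(id -u)")
    if [ -n "$found" ]; then
        echo "Processes owned by other login users are still running:" >&2
        echo "$found" >&2
        exit 1
    fi
    echo "No processes from other login users found."
fi
```

A clean result only covers the moment of the check; a background session that is still logged in can start new processes afterwards.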