I can see why workflows run under the Nintex App account. The Nintex app notices a change in the item and in turn manually kicks off the workflow.
But this has some disadvantages and may cause problems.
List items and documents that are updated by the workflow will be "changed by" the app account instead of the initiator. But the initiator workflow context variable has the user that caused the workflow to start. So when i log the value of the initiator variable in the history log it shows the person that initiated the workflow.
Another issue is that the App account doesn't have enough rights to read members of a group. Sure, i can fix this by lowering the security on that group but we don't always want that.
Anyone else ran into this? I'm curious to know if there are workarounds and if there are other issues that we should take into account.