My users are not malicious, but if there is an issue, they try to fix things themselves, without having a clue as to what they're doing or affecting. I only find out after the fact from notifications coming out of the workflows. If people have access, someone will try to do something at some point. If they can, they will.
They can get to the site workflows (and run them!) via Site Actions
I'm not sure if there is a way of hiding that based on permissions, they certainly would need sufficient permissions to start these workflows.
You could hide the link using CSS, but that would hide it from everyone, so you're only other option would be to use a security trimming control and wrap that around this control.
Users will still be able to access the page though, if they know the URL.
Joanne, the key thing to realize here is that this is a Site Workflow. IIRC users with merely Read permissions to the site can access/run the workflow - this is by design. Although it might create a problem in this case, it's vital for cases where you might need to give site users the ability to run a workflow in a list they don't have Contribute permission to.
Although Nintex doesn't appear to provide separate permissions control over Site Workflow (which I don't fault them for), one option you do have is to use SPDesigner to adjust permissions on the various pages used for Site Workflows. For example, the site workflow scheduling page is located at http://intranet.org/_layouts/15/NintexWorkflow/WorkflowSchedules.aspx. By changing the page permissions you can restrict access to only your workflow editors.
Just a thought.