In my opinion, even allowing all users to have write access to C:\Program Files (x86)\Steam itself is a vulnerability, because any standard users can replace Steam.exe in this folder, and when admin ...