Depends on the culture. I interned at a place that fell under the Critical Infrastructure Protection program. It was so strict you'd get a visit from security if you tried to badge through a door you didn't have access to.
Interesting. I wonder if, in a “mind your own business,” curiosity-discouraged sort of environment, people might also be less likely to notice and report threats.
The first thing I do with credentials is find out what they open. Seems like if you have the resources to follow up on access attempts, you have the resources to set ACLs correctly so you’re not scared of them.
