Currently the field_access checks on entity form / entity view are done by WidgetBase::form() / FormatterBase::view().
- There are cases when you might want to use a widget even if the current user has no permissions to edit the field - e.g. in an exposed view filter. (Less sure about use cases for using a formatter while you have no permissions to view the field...)
- This being done in base methods, there is no guarantee that some widgets / formatters don't override it - possible holes.
In Vienna, @fago argued that #access should be the responsibility of the caller, not of widgets / formatters themselves.
Thoughts?
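An added illustration of the two points above (not Drupal's own code and not part of the original post): a simplified PHP model in which every class, function and permission name is hypothetical. It shows a widget that overrides form() dropping the base-class check, and callers that set #access themselves after the widget returns.

```php
<?php
// Simplified model of the design question; none of these names are Drupal's real API.

class BaseWidget {
    // The access check lives in the base method, as in the current design.
    public function form(array $field, array $user): array {
        $element = $this->formElement($field);
        $element['#access'] = in_array($field['edit_permission'], $user['permissions'], true);
        return $element;
    }

    protected function formElement(array $field): array {
        return ['#type' => 'textfield', '#title' => $field['label']];
    }
}

class OverridingWidget extends BaseWidget {
    // Overrides form() without calling the parent: no #access key is set.
    // In the Form API an element without #access is treated as accessible.
    public function form(array $field, array $user): array {
        return ['#type' => 'textarea', '#title' => $field['label']];
    }
}

// Caller-side enforcement for an entity form: the caller applies the field's
// edit permission after the widget returns, so an override cannot skip it.
function buildEntityFormElement(BaseWidget $widget, array $field, array $user): array {
    $element = $widget->form($field, $user);
    $element['#access'] = in_array($field['edit_permission'], $user['permissions'], true);
    return $element;
}

// A different caller (an exposed filter) applies its own rule instead of the
// field's edit permission, which the base-method check does not allow for.
function buildExposedFilterElement(BaseWidget $widget, array $field, array $user): array {
    $element = $widget->form($field, $user);
    $element['#access'] = in_array('use exposed filters', $user['permissions'], true);
    return $element;
}

// Constructed sample data: a user who may use filters but not edit the field.
$field = ['label' => 'Internal notes', 'edit_permission' => 'edit internal notes'];
$user  = ['permissions' => ['access content', 'use exposed filters']];

var_dump(array_key_exists('#access', (new OverridingWidget())->form($field, $user)));
var_dump(buildEntityFormElement(new OverridingWidget(), $field, $user)['#access']);
var_dump(buildExposedFilterElement(new BaseWidget(), $field, $user)['#access']);
```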