According to Google's documentation regarding container-specific installable triggers, the trigger will "run as the user who installed the trigger, not as the user triggering the event."
This seems to mean that a trigger could update a protected sheet in Google Docs, because although the user may not be able to edit the protected sheet, the trigger could if it was installed by a user with write privileges.
To test this idea in the simplest way possible, I tried using an onOpen event that triggers a script that edits the value of a cell on a protected sheet. This was installed by a user that can edit the sheet. Although it works if the user opening the sheet has write access, it fails to update the sheet if the user does not.
Is this due to my misunderstanding of how it is supposed to work, or is it a bug? It seems like Google was pretty clear that the script runs with the authority of the user that uploaded the script.
It's a bug.
In March I [posted][1] on the old GAS forum about it. Anton Soradoi from Google replied to me privately by email because I was unable to share the spreadsheet publicly. I shared it with him and got this reply via email on Tue Apr 3rd:
"The issue you are running into appears to be a bug. We are currently investigating it. I will get back to you with more info once I have it."
I didn't raise an issue because they were already on the case but I haven't heard any more since.