Edit all Forms: allow restricting submission data access

Created on 10 June 2023, over 1 year ago
Updated 11 June 2023, over 1 year ago

Problem/Motivation

Users with 'Edit Any Webform' also have access to all submitted form data.

Creating and editing form fields may need to be a discrete task, and not allow full control of the data itself. Editors may have no right to see the contents of a submission, much less delete submission data, due to the fact they can edit form fields.

This is an enterprise data security issue in our case, limiting who may be assigned permissions to edit.

Proposed resolution

Add an option to remove 'Edit all Forms' from also accessing form submissions. Allow form submissions to be handled with other existing permissions. Another option may be to add a permission to allow permission to CRUD form fields, independent of the Edit all Forms.

✨ Feature request

Status

Closed: won't fix

Version

6.2

Component

Code

Created by

🇺🇸 United States dehacker

Comments & Activities

  • Issue created by @dehacker
  • 🇺🇸 United States dehacker
  • Status changed to Closed: won't fix over 1 year ago
  • 🇺🇸 United States jrockowitz Brooklyn, NY

    I can't see changing how the existing permissions are working without impacting existing installations.

    Also, anyone that can edit a webform can update the webform's handlers to capture and see any submission data.

    Any additional permission hardening should be done via custom code and a dedicated contrib module.
