As already mentioned in a comment in #3378, reusable blocks should have a security concept.

Currently there is none, any user can edit any existing reusable block, even users with contributor role while creating/editing a "pending review" post.

This leads to the weird situation, that a contributor is (as expected) not allowed to publish an own post, but is (unexpected) able to "live edit" sitewide content by editing existing reusable blocks.

WP 4.9.1, Gutenberg 1.9.0