The addition of the automatic PDF publisher to Vault has been great however the fact that there is no way control the publishing location other than the globally defined setting is a little frustrating. Our system is currently setup such that PDFs are automatically published to a "$/Released" folder (within Vault) which is fine for the vast majority of drawings. The issue comes when there are certain items that should not be accessible to all users. Whilst the state based security for a lifecycle can control access to the original DWGs etc. the default publish location negates most of this security by putting the final PDF in the general folder. One way of dealing with this would be the option of changing the publish location/folder for certain lifecycles to say "$/ReleasedSecure" that can then have the initial permission set defined at the folder level. Ideally this location would be definable within the state transition actions.
The current work around for this is to disable the automatic publishing for certain lifecycles and rely on a manual action to generate the PDF. This file then has to be manually loaded into Vault which overall is not a very robust method of drawing control.