Publishing actions requires the publish_actions permission, so if the app previously didn't ask for it, I believe you will be asked to re-authenticate the app with the new permissions.
I, for one, am going to be reviewing the apps I've previously added to ensure that none of them are doing anything I wouldn't want to. Not sure where to file FB API feature requests, but it would be nice to not have an "all or nothing" approach to authentication (this is a problem with the Twitter API as well, FWIW). For example, if an app requires X, Y and Z permissions, I might want to only allow X and Y and just not use the features that require Z.
Indeed there is a race condition (if that) where you have to allow access at the default privileges before opting out of any of them. I'm sure every single application sucks in your entire graph as soon as you click that button, so the solution to limit permissions after installing the app is just so much closing of the barn door after the horses have left.
Publishing actions requires the publish_actions permission, so if the app previously didn't ask for it, I believe you will be asked to re-authenticate the app with the new permissions.
I, for one, am going to be reviewing the apps I've previously added to ensure that none of them are doing anything I wouldn't want to. Not sure where to file FB API feature requests, but it would be nice to not have an "all or nothing" approach to authentication (this is a problem with the Twitter API as well, FWIW). For example, if an app requires X, Y and Z permissions, I might want to only allow X and Y and just not use the features that require Z.