Caveat Emptor.  This is a Drupal 5.x case, but I think the warning also applies to 6.x.

Don't use drupal_goto or a drupal_access_denied from hook_form_alter when processing the node edit form, or if you do, at least make sure it plays well with all your contrib modules.  I just found a rather nasty persistent bug caused by our custom code that did this.  The reason this is dangerous is that the node edit form can be rendered by contrib modules in places you don't expect.

The case that bit me was hierarchical_select's json callback.  I originally thought that this was an HS bug.  It would make sense to expect HS to setup the form and the menu path just right, when it's simulating building the form.  But it doesn't, and I don't know that expecting HS to also fix the menu paths is right... afterall, we have issues with arg and are moving away from it.

The easiest solution for HS was to avoid doing the redirecting drupal calls with the hack to specifically check if arg(0) != 'hierarchical_select_json'.