Update to this post – I recently learned part of the information in my original post was not correct. The index is in fact not part of the user profile, it is per-machine and stored in programdata/Microsoft/search. The search results are limited to what you have permission to read, which is more restrictive in Vista than previous Windows releases so searches will not by default span profiles even if you are a member of the administrators group.
At a recent customer event a question was asked, “Can you explain how indexing in Vista works securely and how it will effect network performance?” Many customers have expressed their concerns with desktop search engines provided by other software vendors.
The answer is the index will use AES 128-bit encryption and will be stored in the user profile. This will prevent other users from accessing the file. Administrators with access to take ownership could in theory still “access” the file although they would not be able to read it. Anything encrypted on the file system would not be put in the index by default although the option will be available if the user chooses to do so. The index will not be copied in the case of a roaming profile but testing is showing new machines can generate the index within reasonable time.
For network access – by default only content that is cached by the workstation and stored locally will be indexed so there should not be network overhead created by machines attempting to index network shares. The same is true for Outlook, only cached content will be indexed. In the future (Longhorn Server, Exchange 2007, SharePoint 2007) the servers will generate their own indexes of content and users will be able to seamlessly query those indexes in combination with their local index and the servers will be intelligent to the end that the query results will only return objects that the user has access to.