As some may have noticed the Tags module in 7.7.x can be locked down via ACL but users whose Roles deny them Edit permissions on that module can still create tags. I am told this is as intended in the design.
What if you want to avoid tag overload and control WHO can create new tags while allowing everyone to use those tags? Simple: set your permissions in ACL, and enforce them in the tag field type by extending it.
Note the if statement added at the comment line: //CUSTOM: check ACL
_createSearchChoice term results
term $ term
results results length
_ results tag
tag text term
text term app lang
hope you find this useful.