When you install Access, it creates a default workgroup file in c:\windows\system that has one user, Admin, in two groups, Admins and Users. This Admin person can do everything.
When you prepare to add workgroup security: You create a new workgroup, you usually create new groups and add your users to them, and assign the various permissions to each group. To make this work, you also revoke all permissions from the Admin user (if you don't perform this last step, then anybody can get in without logging in).
When you've just started using a newly-installed copy of Access, you belong to the default -- but -- if you join another workgroup, you're stuck in that workgroup unless you re-join the default. If your users are getting the login message with unsecured databases, that's why - they still belong to the 'other' workgroup.
Putting the /wrkgrp on the command line applies the 'other' mdw to just that session.