I don't think there is a single right answer to this. I very much believe that you should NOT use the administrative accounts as owners of the databases or for any other security other than administrative tasks. From there, all security should be set up using as little access as possible. Meaning, if a login only needs read access, only give it read access. If login needs to read and write data, only let it read and write data, etc.