There is a blog post about this: blogs.msdn.com/cjacks/archive/2008/02/05/where-should-i-write-program-data-instead-of-program-files.aspx (I'm not allowed to hyperlink yet, you'll have to cut-n-paste until it gets corrected).
It actually seems to revolve around a particular question: If you have files which are supposed to be writable by all users, do you expect the user to discover the files in explorer and be able to doubleclick on them, or do you want the files to be hidden and only used in the background by your application.
If you want the files to be discoverable in Explorer by all users, you probably want to put them in c:\users\public. All you have to do is put them in that location, and the default security should work.
If you want the files to be hidden from users, you probably want to put them in c:\programdata. In this case, when you create the files, the default security is probably not correct, so you will need to have your application ACL the files. Or better is probably to have your setup program create a directory structure for your app under c:\programdata, and have the setup program set good default ACL's on each directory - then your app doesn't have to sorry about setting ACL's when it actually creates the files, it just has to create the files in the right places.
In all cases, you should call the appropriate Win32 (or .Net Framework) function to get the path to the c:\programdata or c:\users\public directory. Don't hardcode those paths in your app - if you hardcode, you will miss some case where the user has moved the directory or installed Windows in some uncommon way, and your app will break.