Assume a user has access to windows registry HKEY_LOCAL_MACHINE. Is there a possibility that Preferences.systemRoot() for a particular key not be accessiable based on System.getSecurityManager()? Is there an intermitant access issue i.e. sometimes the user has access other times not.
There's no generic answer to this, because it is possible that every method declared to throw a SecurityException can throw one at any time, for any reason, because access is controlled by a policy which can be customized for each user. Furthermore, details such as where the Preferences API stores its data is completely implementation-dependent, and can (and will) vary across VM versions and implementations. Finally, note that the specific details you're asking about are relevant only on Windows; in general, you need to write Java code so that it works on any platform.
So you should code as if the answer were yes, the Preferences methods declared to throw SecurityException can do so any time you call them.