Remember that if a class is not declared as either with or without sharing, the current sharing rules remain in effect. This means that if the class is called by a class that has sharing enforced, then sharing is enforced for the called class.
Note: A user's permissions and field-level security are always ignored to ensure that Apex code can view all fields and objects in an organization. If particular fields or objects are hidden for a user, the code would fail to compile at runtime.
But sometimes, it is required to Apex check if the current running user is allowed to perform the operation based on the other security settings (FLS, CRUD). You can easily check this using Dynamic Apex.