/usr/bin/pmount is currently installed SUID, but it also needs to be SGID in order to allow users in the "plugdev" group access to mounted devices. If you call pmount from a script (such as a udev hotplug event) then it runs as root:root, which means only root can access the devices (unless you use --umask to grant *everyone* access.) If pmount is installed SGID then it will use its own GID for the mount point - since /usr/bin/pmount is root:plugdev, that means any devices it mounts will be owned by root:plugdev, allowing users in the plugdev group access. See http://osdir.com/ml/linux.ubuntu.devel.changes.edgy/2006-08/msg01391.html for details on when this functionality was added, for precisely this reason.
Thanks for providing clear explanation of this issue; assigning to maintainers
fixed in 0.9.18. Thanks for reporting.