OWD is the security floor — the lowest level of access any user has to records they don't own. The trade-offs are between simplicity, performance, and the cost of opening access back up.
Public Read/Write — anyone with object access can read and edit any record. Simple, fast, no sharing recalculation cost. Use it when records are intrinsically shared — e.g., an Account in a small B2B company where every rep can edit every account by design. The cost is no record-level privacy; you're trusting profile permissions and audit instead.
Public Read Only — everyone reads, owner edits, others need a higher layer (sharing rule, manual sharing) for edit. Useful for reference data: every rep can see all Products, but only Product Managers can edit. Sharing recalculation is slightly more expensive than Public R/W but still cheap.
Private — only the owner sees and edits, plus anything granted by Role Hierarchy, Sharing Rules, Manual Sharing, Teams, Implicit Sharing, or Apex Managed Sharing. This is where things get expensive: every user-record visibility check has to walk those layers, and any change to a sharing rule kicks off a sharing recalculation that can take hours on large orgs. You also have to think about access deliberately — there's no "everyone can see it" floor to fall back on.
The tipping point is usually compliance: Private becomes mandatory when you have data you legally can't show to all users (regulated industries, HR data, deal teams that can't see each other's pipelines). For everything else, start as open as the business allows and tighten only when needed — going Public-to-Private is much harder than Private-to-Public because you suddenly need to enumerate who should see what.
For child objects in a master-detail relationship, OWD is Controlled By Parent and you can't choose anything else — the master object's sharing dictates the detail's.