the first question is whether you need to protect against new enemy; if so, you need to ensure the zedtoken is stored when the document's contents are modified

The answer is yes. And yes, I intend to store it for each doc. Question is does it really matter where? As in, what is the rationale behind recommending that we store it alongside the document? Is it simply to ensure that it's atomic? No other reasons?

pretty much