While I do agree one doesn't need to use "?<shared-host-here>",
I stongly disagree with your statement. Apply the golden rule
here: maximum result with minimal effort. If someone wants to
use "v=spf1 ?a:example.com -all", that's fine with me. Should
a user of example.com forge email, then this user can be tracked
much more easily than a random user somewhere included in "-all".
The problem is, that the location of the '?' in the SPF record matters. If
the record ends in '?all', the probability of an SPF 'neutral' result in
practice is much closer to mean 'fail' than it is for 'pass'. In almost
any other case (except for records trying to hide an overly lenient SPF
policy) it probably is much more likely to mean 'pass' than 'fail'.
Arjen