Custom Attributes (which I call “ad hoc Attributes” to differentiate them from the official Attributes that are in the Capability definitions…), are more likely to have good cases for modification by one or more SmartApps.
For example, I 100% agree with Bruce…
And the Custom Device you’ve written for Hue Bulb is an excellent example. 
In most cases, calling a Device’s Command (“device.on()”) does more than just change the value of an Attribute … it actually performs an action (i.e., such as sending a message to the physical device to switch it on).
If you use other methods to directly change “physically-related Attributes”, then you are bypassing the functionality of the official contracted Command.
The concept is very similar to the rule (convention?) in Object Oriented programming that says Attributes should not be public, but should only be manipulated internally and/or by setter methods, so that these methods can immediately “handle” the implications of changing the Attribute value.
But as we’ve seen from the above examples, there’s nothing wrong with manipulating Attribute values internally (entirely inside the Device Handler), since the Device Handler knows what it is doing. And Service Manager SmartApps are just extensions of the Device Handler, so that is fine too.
And, to repeat the concept of the beginning of this post, what you do with “ad hoc / custom Attributes” is, presently, free form and undefined in SmartThings. I think it would be good if ST provided more ways to manage these (and added more official Capabilities, actually, and added “optional” extended Attributes and Commands to existing Capabilities, etc., etc.); but there’s no use throwing away the great power of the flexibility we have in the meantime.
I fear that the free-formness of all this, however, will make it more difficult for SmartThings to “certify” submitted Device Types and SmartApps for publication. As ST studies the creative stuff we come up with, it would be helpful for them to at least document more recommended best practices and certification rules.