Hardening WordPress: wp-content file permissions?

There are several sides to this. What it should be ideally, what it is practically, and what it usually has to be practically.

There are two contexts to writing files in WordPress.

Just do it with PHP

The locked down hardest scenario here is that only uploads is writable. Otherwise core functionality will start to break down.

However plugins might play loose with it and assume all of wp-content to be writable.

Filesystem API

This is the proper way to do writes, but it’s also hard on the end-user since it asks for FTP credentials if that’s what it takes.

This needs to be able to write everything, or (again) core functionality breaks down and in larger ways (updates, etc).

So to sum it up:

  1. Only uploads should be writable via PHP
  2. If the rest of the content folder isn’t writable, third party code might fail
  3. Filesystem API should be able to do whatever, unless you want to lock it down hard to the point of read-only filesystem from WP perspective (some setups do work like that)
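
As an added example (not part of the original answer), the Python sketch below checks the first point of the summary: given the uid and groups PHP runs as, it reports everything under wp-content outside uploads that those credentials could write. The function names, the sample tree and the plugin name are constructed for illustration, and only POSIX mode bits are evaluated (ACLs are ignored).

```python
import os
import stat

def can_write(st, uid, gids):
    """POSIX mode-bit check for a given uid/gid set (ACLs are ignored)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_wp_content(wp_content, php_uid, php_gids):
    """Return (uploads_writable, paths outside uploads/ that PHP could write)."""
    uploads = os.path.join(wp_content, "uploads")
    uploads_ok = can_write(os.lstat(uploads), php_uid, php_gids)
    findings = []
    if can_write(os.lstat(wp_content), php_uid, php_gids):
        findings.append(".")  # PHP could create new files directly in wp-content
    for root, dirs, files in os.walk(wp_content):
        if root == wp_content and "uploads" in dirs:
            dirs.remove("uploads")  # expected to be writable, so not reported
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits say nothing useful
            if can_write(os.lstat(path), php_uid, php_gids):
                findings.append(os.path.relpath(path, wp_content))
    return uploads_ok, sorted(findings)

def build_sample(base):
    """Constructed sample tree: only uploads/ is group-writable."""
    wp = os.path.join(base, "wp-content")
    for d in ("uploads/2024", "plugins/example-plugin", "themes"):
        os.makedirs(os.path.join(wp, d))
    php_file = os.path.join(wp, "plugins", "example-plugin", "example.php")
    open(php_file, "w").close()
    os.chmod(php_file, 0o644)
    for root, _dirs, _files in os.walk(wp):
        os.chmod(root, 0o775 if "uploads" in os.path.relpath(root, wp) else 0o755)
    return wp

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        wp = build_sample(base)
        st = os.lstat(wp)
        # PHP running as the file owner: everything is reported as writable
        print(audit_wp_content(wp, st.st_uid, {st.st_gid}))
```

On a real host, pass the uid and group ids of the PHP worker (for example the PHP-FPM pool user); an empty findings list with `uploads_writable` true matches the "only uploads writable via PHP" setup.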