I remember that Win32 apps on Windows 10 and 11 can do whatever they want with the user's personal files. Has that changed?
In Win, access to files is controlled by ACLs when NTFS is used (dating back to NT 3.1 with NTFS). So it depends on which user runs a process.
Basic hygiene is very simple: never run as Administrator. Create and use a regular user or poweruser group user. It's similar to regular Linux practice. Use the Administrator account only when needed.
Win32 Apps can access anything you can access and also read out some text fields from apps you have running, via accessibility APIs.
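
To see the ACL point from the replies above on your own machine, here is an added PowerShell example (not from any post in this thread). It lists the access entries on a folder and marks the ones that match the SIDs in the current process token. The `$Path` default and the output column names are assumptions chosen for illustration.

```powershell
# Added example. $Path is an assumption; pass any file or folder you own.
param([string]$Path = [Environment]::GetFolderPath('MyDocuments'))

# Every process started by this user carries a token with these SIDs:
# the user's own SID plus the SIDs of its enabled groups.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

# Read the DACL with identities as raw SIDs (explicit and inherited entries).
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)

$report = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved)' }
    [pscustomobject]@{
        Identity     = $name
        Type         = $rule.AccessControlType
        Rights       = $rule.FileSystemRights
        Inherited    = $rule.IsInherited
        MatchesToken = $tokenSids -contains $sid.Value
    }
}

"Running as: $($identity.Name)"
$report | Sort-Object MatchesToken -Descending | Format-Table -AutoSize -Wrap
```

Rows with `MatchesToken` set to `True` are the entries that apply to any program launched under this account, which is why the account you run as decides what an app can reach. Running the script from a standard account and again from an elevated prompt shows how the matching set changes.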