Generally, whiteboarding is public design process, where ideas are quickly discussed and their merits considered within a team. I tend to call this a design discussion.
In my experience, this is a little lightweight in nature. There is little by way of consideration of the security-related aspects of a task at this stage. That in itself isn't a problem, as long as that is done in some other way. Sadly, very often, it is not.
It is also, in my experience, fairly common for a solution that won't work to be suggested in a design discussion, as the detail of how this new feature affects other parts of the system can be difficult to envisage in a public forum of this nature.
Design discussions can be very useful for quickly excluding ideas that merit no further thought, or identifying those that need greater attention. However, this is often not enough to be considered a complete design. Teams that do not recognise this early enough often produce systems that quickly degrade, becoming difficult to maintain. This approach can accrue significant technical debt that must be addressed regularly if velocity is to be maintained.