diff --git a/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.Defaults.cs b/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.Defaults.cs
new file mode 100644
index 00000000..7ad90aab
--- /dev/null
+++ b/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.Defaults.cs
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022 Google Inc. All Rights Reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file or at
+ * https://developers.google.com/open-source/licenses/bsd
+ */
+
+using System.Threading.Tasks;
+using System.Threading;
+using System;
+using Xunit;
+
+namespace Google.Api.Gax.Rest.Tests;
+
+public partial class ClientBuilderBaseTest
+{
+    [Fact]
+    public void UseSelfSignedJwts_DisabledByDefault()
+    {
+        var builder = new DefaultsTestBuilder();
+        Assert.False(builder.UseJwtAccessWithScopes);
+    }
+
+    /// <summary>
+    /// Builder with no custom behavior, which purely exists to check defaults.
+    /// </summary>
+    private class DefaultsTestBuilder : ClientBuilderBase<string>
+    {
+        public override string Build() =>
+            throw new NotImplementedException();
+
+        public override Task<string> BuildAsync(CancellationToken cancellationToken = default) =>
+            throw new NotImplementedException();
+
+        protected override string GetDefaultApplicationName() =>
+            throw new NotImplementedException();
+
+        protected override ScopedCredentialProvider GetScopedCredentialProvider() =>
+            throw new NotImplementedException();
+    }
+}
diff --git a/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.cs b/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.cs
index 020209cb..be58613b 100644
--- a/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.cs
+++ b/Google.Api.Gax.Rest.Tests/ClientBuilderBaseTest.cs
@@ -5,16 +5,6 @@
  * https://developers.google.com/open-source/licenses/bsd
  */
 
-using Google.Apis.Auth.OAuth2;
-using Microsoft.Extensions.DependencyInjection;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading;
-using System.Threading.Tasks;
-using Xunit;
-
 namespace Google.Api.Gax.Rest.Tests
 {
     /// <summary>
diff --git a/Google.Api.Gax.Rest/ClientBuilderBase.cs b/Google.Api.Gax.Rest/ClientBuilderBase.cs
index 01970798..439c3e34 100644
--- a/Google.Api.Gax.Rest/ClientBuilderBase.cs
+++ b/Google.Api.Gax.Rest/ClientBuilderBase.cs
@@ -103,10 +103,12 @@ public abstract class ClientBuilderBase<TClient>
         /// Returns whether or not self-signed JWTs will be used over OAuth tokens when OAuth scopes are explicitly set.        
         /// </summary>
         /// <remarks>
-        /// In the base implementation, this defaults to <c>true</c>. Subclasses may add code in their own constructors
-        /// to make the default effectively <c>false</c>, however.
+        /// In the base implementation, this defaults to <c>false</c> for maximum compatibility.
+        /// Subclasses which provide clients for services which support self-signed JWTs with scopes
+        /// may change this property value on construction, effectively changing the default to <c>true</c>
+        /// from the perspective of user code.
         /// </remarks>
-        public bool UseJwtAccessWithScopes { get; set; } = true;
+        public bool UseJwtAccessWithScopes { get; set; } = false;
 
         /// <summary>
         /// Creates a new instance with no settings.