I believe this to an essential feature for your customers who are creating custom solutions
A user can be created with permission revoked to edit SQL. But user can still view the SQL. I believe the correct behavior s/b that user cannot edit and cannot view the code. This may have been the intent as evident from the dialog box that appears when saving the users rights.