The following is present in the 7.92 release.
Despite security groups ensuring this tab is view-only, relationships not connected to an actual constituent record are still editable. This should be changed to be consistent with the security setting.