Indeed, I never noticed that either. I tried adding the nosecurity option to the query, but that option is not used by Designer.
// Doesn't work
I also believe that references in Designer should not respect security. Jeroen, I recommend you make a case for this "issue".