Security hole

Scenario: Logged in as a user with backend access, but only permission granted is View for a custom module created with the module builder.

Issue: When viewing the content items, there is a "Content types" link in the sidebar. Clicking this link launches the module builder, and from here I am able to deactivate the module.

Regards,
Gary