There should be a Can Write Active QL permission

(User Story, To be Fixed , Priority: Critical, Test Status: No automated tests yet , Reported By Justin du Coeur, )
Security
Summary: Now that we have side-effecting QL functions (_changeProperties, _notify, etc), it is now way too easy to create social-engineering attacks. We need to lock this down, probably by locking down who is allowed to write QL expressions.
The reason for the name is the long-term plan. Initially, we will prevent all saving of QL expressions from people who don't have this permission, but that's not optimal in the long run. Preferably, we will only lock down the expressions that actually cause change, which is the real security risk.