We need to carefully review all section for "Read-Only" permission.
So far it was found that FCK (add/delete), Tools (Backup, Restore, Run SQL) sections are ignoring this permission check.
In some cases like Backup/restore it's better to completely restrict user from executing all related events.