Security Risk: viewers can edit dashboards, but not save

Hi,

I am managing Grafana v11. I was making accounts with viewer permission for our clients. I found out when I logged into one of those accounts I could still press ‘e’ on a panel in a dashboard and edit from there. I can’t save these edits, but they do apply to the panel when you ‘esc’ out of the edit.

This is obviously NOT WANTED for a viewer. I think that speaks for itself.

Just wanted to clarify as this IS A BIG ISSUE.

I would like to hear more about that big issue of yours :smiley: because I’m allowing that for my users explicitly (so anyone can check the queries used in the dashboard in a convenient UI and they don’t need to bother me :-D):

What will you “hide” when you do not allow it? I will use the browser console and I can inspect any queries on my own even when you have viewers_can_edit=false.
IMHO: if you need security through obscurity, then Grafana is not the right tool for you.

I wouldn’t know what more to say. I made sure viewers_can_edit=false and the issue still persists. A real bummer if you ask me. Grafana is such a great tool, but tiny issues like this really make it tough.