Accounts without permission displayed


While in 1.8.7 the list of accounts in the UI (drop down boxes for account selection) is filtered so that only accounts the current user has read access to are displayed, in 1.9.5 and later all accounts are visible.
Is that intended behavior or a bug?

I use LDAP as role provider and spin-fiat/authorize/<myuser>/accounts delivers the correct list of accounts independently of the installed version.