[Zope] Dangerous permissions granted to Anonymous to allow ZClass instantiation?

[Milos Prudek]

The following looks like a Zope bug (Zope 2.5.1):

It seems that permissions such as Create class instances must be given 
to Anonymous so that Authenticated can create class instances. It seems 
impossible to only allow Authenticated to create class instances.

Details:

Error Type: Unauthorized
Error Value: You are not allowed to access ORL_Art in this context

The error above appears for the following Python Script line:
    context.manage_addProduct['ORL'].ORL_Art.createInObjectManager(id,Dct)

The error appears if Authenticated role has the following permissions 
and Anonymous does not have them:

   Add Documents, Images, and Files
   Add ORL_Arts
   Create class instances
   Manage properties

The error disappears if Anonymous is given the above roles.

If this is not Zope bug, what might be causing it? The manage_addProduct 
did not have this problem in Zope 2.4.4.

-- 
Milos Prudek