That's an interesting question. The SYSCS_UTIL.SYSCS_PEEK_AT_IDENTITY function is the new, concurrent way to get the information which customers used to get by querying SYS.SYSCOLUMNS.AUTOINCREMENTVALUE, just as SYSCS_UTIL.SYSCS_PEEK_AT_SEQUENCE is the concurrent way to get the information bounded by querying SYS.SYSSEQUENCES.CURRENTVALUE. Since you can get a fuzzy approximation of this information by querying the system tables directly (and we don't want people to do that), I don't see a great deal of value in restricting the execute privilege on these functions.
Derby and JDBC treat metadata as world-readable. Maybe Derby and JDBC are wrong here and we should explore whether we could tighten up the access controls on metadata in general.