Should not allow to read ACL when not authorized to read node

Not authorized to read, yet still able to list ACL:

[zk: localhost:2181(CONNECTED) 0] getAcl /sasltest/n4
'sasl,'notme@EXAMPLE.COM
: cdrwa
[zk: localhost:2181(CONNECTED) 1] get /sasltest/n4
Exception in thread "main" org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /sasltest/n4
at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1131)
at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1160)
at org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:711)
at org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:593)
at org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:365)
at org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:323)
at org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:282)