Role-based picklist access not enforced when saving a record
If a user without access to specific values in a picklist opens the edit view of a record and uses the browser's inspector to change the picklist's value to one she cannot access, the value is stored without the restriction being enforced.
Here is an example for the Accounts module:
The user only has access to "Analyst" and "Investor", but if the value property of the select element is modified to a value she cannot access, the record still gets saved.
After that, the user gets the "Access denied" message in the Detail view, but the damage is done:
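The missing server-side check, as an added example that is not the project's own code: a save handler that trusts the posted form next to one that re-validates each picklist field against the role before writing. The role name, the `accounttype` field name, the extra picklist values and all function names are assumptions made for illustration.

```python
# Added example, not the project's code. Role, field and value tables are constructed.

class PicklistAccessError(Exception):
    """Raised when a submitted picklist value is outside the role's allowed set."""

# field -> every value defined for that picklist (constructed sample data)
PICKLIST_VALUES = {
    "accounttype": {"Analyst", "Competitor", "Customer", "Investor", "Partner"},
}

# (role, field) -> subset of values the role may assign (constructed sample data)
ROLE_PICKLIST = {
    ("sales_rep", "accounttype"): {"Analyst", "Investor"},
}


def allowed_values(role, field):
    """Values the role may store in the field; empty if nothing is configured."""
    configured = ROLE_PICKLIST.get((role, field), set())
    return configured & PICKLIST_VALUES.get(field, set())


def save_record_unchecked(store, record_id, submitted):
    """Behaviour described in the report: whatever the form posted is stored."""
    store.setdefault(record_id, {}).update(submitted)
    return store[record_id]


def save_record(store, record_id, submitted, role):
    """Hardened save: the <select> options shown to the user are only a hint,
    so every picklist field is checked again on the server."""
    for field, value in submitted.items():
        if field not in PICKLIST_VALUES:
            continue  # not a picklist field, nothing to check here
        if value not in allowed_values(role, field):
            raise PicklistAccessError(
                f"{field}={value!r} is not permitted for role {role!r}"
            )
    # All fields are validated before any write, so a rejected request
    # leaves the stored record untouched.
    store.setdefault(record_id, {}).update(submitted)
    return store[record_id]
```

Because validation runs before any write, a rejected request cannot leave a record in the state that later triggers "Access denied" in the Detail view.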