Currently it is possible to import an existing object into a different folder by using the overwrite option. This should not be possible if the user does not have modify rights on the existing object.

Scenario:
An object is located and read-only folder. A user with import rights can import this object into another folder (eg there is a release file with different structure, single object import targeting into default folder). When he chooses the overwrite option during import, the existing object content is replaced but it seems to be still in the original (restricted) folder. The user can now change his object in his folder (bypassing original folder restrictions). Since the overwrite option created another reference to the original object, all changes will be applied to both objects in both folders. These changes also include delete that removes both objects (even in restricted folder)