Users can remove imported entries from sbbslist

I had a new user come by today who browsed the sbbslist utility (?sbbslist browse) and was able to remove an imported entry that they did not create.

I reviewed the code, and it appears the can_edit function is supposed to prevent precisely this type of action, but it doesn't. Are the string returns supposed to be the same as a boolean false return?

function can_edit(bbs)
{
	// Each denial below is returned as a string, which is truthy in JavaScript.
	if(!bbs)
		return "not an entry";
	// Imported entries are not supposed to be editable by anyone.
	if(bbs.imported) {
		return "Cannot edit imported entries";
	}
	// Locally created entries may only be edited by their creator (case-insensitive alias match).
	if(bbs.entry.created
		&& bbs.entry.created.by
		&& bbs.entry.created.by.toLowerCase() != user.alias.toLowerCase()) {
		return "Sorry, this entry was created by: " + bbs.entry.created.by;
	}
	// The only boolean return value.
	return true;
}

To me it looks like it's always returning true. This could open the potential for sbbslist abuse.
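The following is an added example, not code from sbbslist or from the poster: it reproduces the posted can_edit() logic against a few constructed entries and shows what happens when a caller tests the result for truthiness (`if (can_edit(bbs)) ...`), which is an assumption about how the result might be consumed, not a quote from sbbslist. A non-empty string such as "Cannot edit imported entries" is truthy, so such a caller grants the edit in every case. The strict comparison `=== true` and the structured result below are the two hardened forms; the `bbs.entry` guard is also added here to keep the sample runnable on entries without that field.

```javascript
// Added example (not sbbslist code). Constructed stand-in for the global
// `user` object that can_edit() reads.
const user = { alias: "NewUser" };

// Same logic as the posted can_edit(): every denial is a string, and only
// the final success path returns the boolean true. The `bbs.entry &&`
// guard is an addition so malformed entries do not throw.
function can_edit(bbs) {
    if (!bbs)
        return "not an entry";
    if (bbs.imported)
        return "Cannot edit imported entries";
    if (bbs.entry && bbs.entry.created && bbs.entry.created.by
        && bbs.entry.created.by.toLowerCase() != user.alias.toLowerCase())
        return "Sorry, this entry was created by: " + bbs.entry.created.by;
    return true;
}

// Truthiness-based caller (assumed shape). Every non-empty string is
// truthy, so the denial messages are indistinguishable from `true`.
function naive_allowed(bbs) {
    return can_edit(bbs) ? true : false;
}

// Strict caller: only the boolean `true` is permission; a string is a
// denial and should be shown to the user as the reason.
function strict_allowed(bbs) {
    return can_edit(bbs) === true;
}

// Structured alternative: separating the decision from the reason means
// the truthy-string trap cannot recur no matter how a caller tests it.
function can_edit_checked(bbs) {
    const result = can_edit(bbs);
    return result === true
        ? { allowed: true, reason: null }
        : { allowed: false, reason: result };
}

// Constructed sample entries: one imported, one created by another user,
// one created by the current user (alias case differs on purpose).
const importedEntry = { imported: true,  entry: { created: { by: "Sysop" } } };
const othersEntry   = { imported: false, entry: { created: { by: "Sysop" } } };
const ownEntry      = { imported: false, entry: { created: { by: "newuser" } } };
const samples = [importedEntry, othersEntry, ownEntry, null];

// Returns the decision each caller style makes for every sample entry.
function demo() {
    return {
        naive: samples.map(naive_allowed),
        strict: samples.map(strict_allowed),
    };
}

console.log(demo());
```

Running it shows the naive caller allowing all four cases, including the imported entry and the null entry, while the strict caller allows only the entry the current user created.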