Sysops can do "SELECT" queries on the database. Only developers can do updates and deletes.
There had been some discussion a while ago of changing that and restricting all direct DB access to developers; I guess I got it mixed up with the implementation in my memory. As I recall the points of contention were:
- Users' passwords were stored in the database in plaintext.