Latest decision is to keep the permissioning bidirectional. This way an implementor has more options with permissioning via hooks. Check this post for the use case - http://forum.civicrm.org/index.php/topic,6808.0.html
--------- Original Post ----------
When creating an employer/employee relationship, both "view/update" control options are available. Seems like for that particular relationship type, only the appropriate direction should be available.
In other words –
If the relationship is being built from the individual's record, only the option stating this individual can view/update info for the parent employer. If the relationship is being built from the org's record, only the option stating the individual can view/update the org data.
As it stands, there's an option that the organization can view/update the individual's record, which is illogical given that only individuals can be users in the CMS.