Deleted contact still viewable and editable by manually putting in their ID

If you delete a contact you can still access them by manually adding their ID to the "view" url as follows:

http://joomlasite/index2.php?option=com_civicrm&task=civicrm/contact/view&reset=1&cid=DELETEDCONTACTID&context=search

I don't know what permissions checks are done to determine whether a user should be able to view the deleted contact based on what group etc they are in, but when the deleted contact is displayed, it does not provide an edit button, presumably because a deleted contact should not be able to be edited until they are "Restored from Trash".

If you go to an edit page and manually put in the deleted contact's ID, however, it lets you edit the contact:

https://new.nswscl.org.au/administrator/index2.php?option=com_civicrm&task=civicrm/contact/add&reset=1&action=update&cid=DELETEDCONTACTID&context=search

Presumably the desired result here would be to say that the contact has been deleted, if the user has permissions to view that contact, and give the user the choice to "Restore from Trash" or "Delete Permanently" if the user has the appropriate permissions.