I think we can confirm that the fact that $1 leaves this function with the SVf_POK flag on is a bug.
demerphq had this to say with regards to why $1 doesn't carry the READONLY flag:
Not a problem for my solution. The setter called via mg_set after the upgrade will throw an error if appropriate.
Turns out that this is deliberate, as some pluggable regex engines allow for a writable $1.
That means that upgrading $1 might have no effect or might upgrade the entire source string in those engines, but I don't see that as a problem. Side-effects are
expected when playing with magical variables.
Incidentally, this bug is a regession in Perl 5.10. Perl 5.8.8 doesn't have this problem.
That would explain the presence of sv_utf8_upgrade_nomg.