Considering that the OP is talking about an application server, it looks to me this is a standard production security policy, not something to pester developers with.
It's not a measure to defend against internal attacks*, but to prevent escalation after an intrusion. Of course, the script should be non-modifiable.
in reply to Re^2: Perl Setuid - Oracle Password Hardcoding
in thread Perl Setuid - Oracle Password Hardcoding
*Although with some effort, it can help to protect against insiders wearing a black hat.