The comments in the 3.x sql file led me to believe that it was to decide if a user could even see a module in the listing. I think it was a simple answer to the question "What if we write mostly open source software, but we have a couple of modules that we need to keep under wraps?"... not intended to scale to more than a few special people who maintain the module code. ACS Perms would allow some much more complicated scenarios.
