There are many people in a SharePoint environment that have implicit, carte blanche, access to everything at a given level. For instance, anyone in the built-in Win2K3 Administrators group on the Web Servers can manipulate anything on the farm, anyone in the AD Group defined as the SharePoint Administration group in Central Administration can manipulate anything on the farm, owners of each Virtual Server can manipulate anything in their Virtual Server, owners of each Site Collection can manipulate anything in their Site Collection, a Site Collection administrator can manipulate anything in their Site Collection, and a Site Administrator can manipulate anything in their Site.
All these people have unlimited access to alter their respective level of control whether they are explicitly listed as having access or not. I speculate that this is because, in an environment where security is decentralized, people at various levels need to be able to rescue information office workers that get themselves into trouble. At higher levels (like the Virtual Server and the Farm), we need some means by which to take control when someone who was managing a Site Collection, a Site, or even a List/Library cannot do it themselves (perhaps they left the company or department or whatever).
<Todd />