Hi Giovanni Ortiz,
Product team confirmed that they have identified a bug with the behavior you have noticed and working on fixing it. I do not have a definite ETA at this point but will keep you posted as I get more updates on the fix.
Expected behavior: Excepted behavior is that regardless of the auth type, secondary namespace should always block any request other than the GET.
Appreciate much for reporting this issue here and helping improve Azure products.