You can do a lot more than that with CVS access. CVS is not secure. If you have write access to the ADMIN directory you can run arbitrary programs via CVS.
And if you have no write access, then what is the point of running it via ssh anyway? BTW giving someone write access to CVS without also access to ADMIN is a lot harder than it looks.
Running restricted account via SSH is not very common, while shell account via SSH is, so in that light the default is correct. It is really really hard to properly secure a restricted access account. So if you are going to do it, it's your job to do it properly.
And if you have no write access, then what is the point of running it via ssh anyway? BTW giving someone write access to CVS without also access to ADMIN is a lot harder than it looks.
Running restricted account via SSH is not very common, while shell account via SSH is, so in that light the default is correct. It is really really hard to properly secure a restricted access account. So if you are going to do it, it's your job to do it properly.