yep if you are granted execute to a proc, even if you, the caller, are denied permission to the underlying tables, the proc will execute.
is this a real problem for you, that a programmer or DBA changes a procedure from SELECT to UPDATE?
it sounds more like an issue with getting with the programmer, who should be creating new procedures to handle the update.
How is he modifying an existing procedure without otherwise reviewing all the code that used to call the procedure and change how they are handled?.
Lowell