This is obviously a security issue, since this permits a user to replace an existing package that is scheduled to run with his own package which may do all sorts of evil things.

Now, you cannot accuse me to know too much about SSIS or DTS, but so much is clear, this is not security flaw in SQL Server as such, but a problem in your environment.

Since I don't know SSIS/DTS, I don't know exactly how the connection is made, but I would guess that there is a linked server set up. It sounds that this linked server has a login mapping so that this user maps to sa or somesuch on the prod server.