Yes I thought so too.
However:
select user_name(grantee_principal_id), permission_name, state_desc from sys.database_permissions where major_id = object_id('xp_fixeddrives')
tells me that public has exec granted.
The following:
create login bob
WITH PASSWORD = 'b0b',
CHECK_POLICY = OFF
master..sp_adduser bob
grant exec on xp_fixeddrives to bob
Then tells me bob has the rights on it.
But if you log in as bob, and run xp_fixeddrives it runs fine, but doesn't give you any (ok, me and I think you) results. Which is odd quite frankly.
I haven't managed to figure out yet exactly what it does need, but I don't want to be connecting reporting services as sa... 
I am hoping someone may be able to point at a setting/permission perhaps that handles this.
Cheers.