When using the Bulk Loader to create or modify users, there are read-only fields on the profile screen of the IM admin task called by the Bulk Loader.  If these fields are included in the CSV input file, they can still be set or modified despite being read-only on the screeen.  They are not marked read-only in the user store at the directory level.

 This is by design because all the validation checks for permissions such as read-only fields are applicable from the UI side only. These validations will not impact bulk load operations. 

Release:
Component: IDMGR

A potential workaround would be to use with a BLTH or PX policy that checks whether any such attributes are changed and handle that as suits the business requirement.