Ban modification of system tables is one of the most important security tasks. If you need a mechanism which allows to hide the source code stored procedures, functions, triggers, and packages for this purpose it is necessary to make a separate DDL statement. Or another solution in which the text of the procedures is only visible to the owner or SYSDBA.
I suggest not to consider it as a bug, and to preserve this opportunity to create a separate ticket as an improvement.
The ability to explicitly set the source code to NULL is restored. All other kinds of direct modifications are still prohibited. Later (v4?) it will be replaced with a proper solution, be it special permissions or new DDL command or whatever else.