it seems that the default public role displays all event level permissions as No edit (like every other newly created role) but does not actually set these permissions until after the first time it is saved. so by default it has no access restrictions set.