The theme and plugin editor files in wp-admin are not part of my workflow, and could be a potential attack vector. I’ve recently blocked access to all via .htaccess on my test server and have seen no ill effects so far.
If you still need to use the files, it’s problematic. Admins have much power. You can hide things, like remove the menu links, but you can’t block, as they have the same privileges as you. The broader question is if you don’t trust them to see or edit code, why do they have admin status? (Rhetorical question, no answer needed)
