It seems that any user has the right to execute a function, whether or not it has been granted the EXECUTE privilege on it. Even a REVOKE EXECUTE has no impact. A privilige error will be raised only if the function tries to access an object (ex.: a table) for witch the user doesn't have the appropriate privilege(s).