In the typical case, probably, but if you have a large organization you could easily wind up with one exception. What rights these people do and don't have still seems important.
One exception who invited legal trouble for the organization as a matter of some kind of principle would likely find himself no longer a member of the organization. In the best-case scenario, this person gets to see the source code for an internal tool. Who exactly is going to fund this legal battle?
What about one exception who was already on the way out? Or what about one exception who was engaged in industrial espionage?
I'm just saying if you're just relying on employees not exercising rights they have - after which something you've been trying to prevent distribution of can be freely distributed - your situation is somewhat fragile.
