This is not an answer, rather a collection of links and thoughts in case someone else would like to study as well. Because this is quite an interesting thing.
Related answer on Unix&Linux mentioning it is (or was, can't test with vanilla kernel right now) possible to dump read only binaries this way.
Grsecurity was trying to fix this config option and the patch itself (altough it may have changed since)
This commit really makes it seem that, kernel developers really care only about dumping suid binaries.
But actually from this line I'd guess kernel wants to prevent dumping unreadable binaries regardles of SUID status. And this line suggests that binaries which are not dumpable should not be traceable.
So at first sight it seems you have found a bug in kernel with security implications. But I am no kernel developer, so I can not say for sure. I would ask on LKML.
Edit: one more finding, with regards to debugger, mentioned in comments to original post - from quick stracing (again) it seems to me, that gdb uses the traced binaries and /proc/<pid>/mem. Once the running binary is not readable, cat /proc/<pid>/mem returns EPERM. If the binary is readable, it returns EIO. (Tested this on Ubuntu 14.10, which runs several security patches, so this might be different from vanilla kernel. Again I do not have vanilla kernel running anywhere handy :()