The CICS region acid doesn't have NODSNCHK, NOVOLCHK bypasses. It is authorized to access to the needed dataset to have the CICS region to start.
Referring to the official IBM documentation:
"Authorizing access to user data sets Version 5.2.0
When you have defined the RACF user ids for your CICS regions and given them access to the CICS system data sets, permit the user IDs to access the CICS application data sets with the necessary authority."
It means the CICS region acid does not only need the permissions to access the system datases but also need access to the application datasets.
Or the other way round: An access to an application dataset, which is not permitted to the region acid, should be denied.
When setting a SECTRACE, it shows that a security call is issued but it is made with LOG=NONE. It why the violation is not logged.
There is no CA Top secret or CICS security parms reason why it should happen.