Currently, the translation.override config setting is web-editable.
We generally lock settings so they can't be edited from the web UI if an attacker who compromised an administrator account could use the setting to escalate access.
It's not immediately clear to me exactly how an attacker would use this setting to escalate access, but since you can replace any string in the UI, it doesn't seem like a huge stretch to imagine you can do something with it. Maybe rename the "All Users" policy to "No One", or replace "Test Plan" with "type ur password in this box ➔ ➔".
A lot of this is probably in the general realm of social engineering and not really a threat, but maybe worth thinking about attacks here and locking it if we can come up with anything good.