It's not the security policy that makes no sense. It's how the intent of the security policy is being subverted by everyone. If only DBAs are supposed to have DBA like access, then your database handle is clearly violating that goal. The policy may be poorly worded, but the intent seems clear and you should really be trying to encourage people to follow it.

With that said, the only "solution" I can think of is to write a daemon to handle the database connection that they do not have access to. Then have the scripts connect to the daemon. But you still have to trust the scripts (use a firewall to restrict access to localhost) and the developers still have practically full access to the database. It's a security nightmare, period.