<Security> header block with no actor can be processed by any node?

According to MZ's notes , there is a statement:

The Security header block without a specific s:actor can be consumed by anyone, but must not be removed prior to the final destination as determined by WS-routing.

Example of the security header block:
<S:envelope xmlns:s="http://www.w3.org/2001/12/soap-envelope" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"> <s:header> <wsse:Security> // no s:actor="..." specified ... </wsse:Security> </s:header> </S:envelope>

Usually, if a header block does not have actor attribute specified, this block must be processed by the ultimate receiver, not anyone.
If the header block has been processed, it is usually removed.
Does the quote in MZ's noted contradict with what a header process usually does?