Like described in bug 196981, there is a discrepancy between participation checking done using IPerson.inTeam() and by joining the TeamParticipation table.
One consequence of this is that in the case where the owner isn't a member of the team, a team owner wouldn't see a team-owned private branch in a listing (filtered using TeamParticipation) but would still be able to see the branch by navigating to it (checked using inTeam()).
(This is not really a security issue, because the owner could always have access by adding himself to the team which he's entitled to do.)
Instead of forcing owners to have a membership record, it's cleaner to simply remove the special case in inTeam() and modify security adapters that need to also grant access to the team owner explicitely.
Like described in bug 196981, there is a discrepancy between participation checking done using IPerson.inTeam() and by joining the TeamParticipation table.
One consequence of this is that in the case where the owner isn't a member of the team, a team owner wouldn't see a team-owned private branch in a listing (filtered using TeamParticipation) but would still be able to see the branch by navigating to it (checked using inTeam()).
(This is not really a security issue, because the owner could always have access by adding himself to the team which he's entitled to do.)
Instead of forcing owners to have a membership record, it's cleaner to simply remove the special case in inTeam() and modify security adapters that need to also grant access to the team owner explicitely.