If UAC blocked access to editing registry keys, then almost all changes and all programs you run would need a UAC prompt, as almost anything now changes registry keys.
But, as you said, leaving it without any blocks would be a great security flaw.
So UAC only controls registry keys which it considers administrative.
So a user can edit and create registry keys under HKEY_CURRENT_USER, but is denied editing or creating most registry entries under HKEY_LOCAL_MACHINE, and some registry entries are blocked even for reading.
Just simple examples:
1. In this picture my LUA (standard user) can't even access (read) HKEY_LOCAL_MACHINE\SECURITY, as it doesn't have permissions.
2. In this example, the LUA is denied access when it tries to create a new registry entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current_Version\Run (autorun for all users).
But the LUA won't be denied if it tries to create a registry entry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current_Version\Run, because it's autorun only for this user, and so the user should be able to create autoruns for himself...
So, as you can see, it's not a security flaw, but just something to make the standard user's life easier without breaking the security setup.
Hope it will help you.
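
The three cases in the answer above can be checked from a standard-user session without changing anything in the registry. This is an added example, not part of the original post; the helper name `Test-RegKeyAccess` is hypothetical, and the Run key paths are assumed to be the ones on a stock Windows install.

```powershell
# Added example: probes read and write access to a registry key by opening it.
# Nothing is created or modified; a writable handle is opened and closed again.
function Test-RegKeyAccess {
    param(
        [Microsoft.Win32.RegistryKey]$Hive,   # e.g. [Microsoft.Win32.Registry]::LocalMachine
        [string]$SubKey                       # path below the hive root
    )
    $result = [ordered]@{ Key = "$($Hive.Name)\$SubKey"; Read = 'n/a'; Write = 'n/a' }
    foreach ($mode in 'Read', 'Write') {
        try {
            # Second argument $true requests a writable handle.
            $k = $Hive.OpenSubKey($SubKey, ($mode -eq 'Write'))
            if ($null -eq $k) {
                $result[$mode] = 'missing'    # key does not exist
            } else {
                $result[$mode] = 'allowed'
                $k.Close()
            }
        }
        catch {
            # PowerShell wraps .NET exceptions, so inspect the underlying one.
            $base = $_.Exception.GetBaseException()
            if ($base -is [System.Security.SecurityException] -or
                $base -is [System.UnauthorizedAccessException]) {
                $result[$mode] = 'denied'     # the key's ACL rejects this token
            } else {
                throw
            }
        }
    }
    [pscustomobject]$result
}

$run = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
@(
    Test-RegKeyAccess ([Microsoft.Win32.Registry]::LocalMachine) 'SECURITY'
    Test-RegKeyAccess ([Microsoft.Win32.Registry]::LocalMachine) $run
    Test-RegKeyAccess ([Microsoft.Win32.Registry]::CurrentUser)  $run
) | Format-Table -AutoSize
```

Run it from a non-elevated session; an elevated session holds the full administrator token and will report write access to the HKEY_LOCAL_MACHINE Run key.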