Is there no way to disallow the editor then?
I'm afraid the answer is no...
Let's suggest a scenario: A malicious user (I don't say you have any, just hypothetically :wink: ) want to edit files but you do not allow it in Winscp. So he downloads Putty, or some other ssh/sftp client, and uses that to log in, and then edit the files with vi, or any other editor. They could even use the built-in simple terminal in Winscp to do a substitution of what they want to change in the file, or create a custom command to do the same thing.
So basically, you can take care of permissions on your local site - but if the guys 'on the other side' won't cooperate and set read-only for the files there, there is no way to stop anyone editing them using any sort of workaround.
Even if you disable the editor, a user might be able to download to another location (local disk C: is available?) and edit it there.
If you want total control, take the user completely out of the equation and make a script to do the same thing, using for instance psftp or scripting in Winscp. That would be the best solution I think.