Properly Securing GAE Task Queue URLs (without using app.yaml)

I want to secure my Task Queue URLs against malicious access.

In the views that the Task Queue requests I've got:

if not users.is_current_user_admin():
    return HttpResponse(status=403)

But my Task Queues are receiving 403 errors! I was under the impression from this GAE documentation that the Task Queue user was gauranteed to be an admin. What gives?

NOTE: I'm using DjangoNonRel so I can't specify the admin only url access in my app.yaml, I have to do it programmatically in the views.