Section Access refers to dynamic data reduction, or data level filtering based on user or group, it has nothing to do with restricting access to a stream.
When Qlik Sense is first installed a default set of security rules is loaded into the system.
One of these (below) links the ContentAdmin role to all streams, tasks and more.... it gives a user tagged as a ContentAdmin with all rights.
This is the rule that is likely to be currently allowing users access to this stream.
You may want to consider removing the role of your existing users so they don't fall into this.
You can also create custom properties to define new user groups and reference them in rules as well to fine tune things.
there are a lot of possibilities and i don't suggest deleting anything out right. Also ensure you are always designated as a rootadmin so you don't get locked out. finally, use the 'audit' function in QMC to test the rules so you don't have to bother users very much as you test new rules