If a user hasn't been granted MAP_PUBLIC_TEMPLATE_WRITE they can, unexpectedly, only create public templates.
The client-side fix has already been committed as https://github.com/Jasig/SSP/commit/d9b2d9c7811472328367baaab4e90db29f2dc9c6 (rel-2-0-patches). We still need to add server-side code to prohibit creation of public templates directly via the API if the current user does not hold a MAP_PUBLIC_TEMPLATE_WRITE grant.
Complete fix will be in 2.0.1 first, then needs to be merged up to 2.1.0 and 2.2.0. Leaving a merge-to-2-0 label on this, though, b/c that's what we're effectively using to keep track of 11th-hour 2.0.1 fixes.