There is a “read only” rule modelled on it. That means the user cannot change or delete these roles. Contrary to the “user defined” ones (that the user creates through the app, e.g. to set credentials to the work queues). Those are under the full user control.
So when an application role is created by ORIGAM Architect based on modelling, the flag is set to true as it is a model-bound role and should be only changed again through a script by the developer. When you create it from the UI, the flag is set to false and you can do whatever you want, except of changing the flag itself.