myuser.user_permissions.add("whoops, a string here?!?")
I get no Traceback, why?
I'm guessing you are trying that with sqlite. I get tracebacks on MySQL/InnoDB (foreign key constraint fails) and MySQL/MyISAM (truncated incorrect double value). Apparently sqlite doesn't object if the provided data doesn't match the table schema.
Not sure it is either. Looks like Django is relying on the DB to flag an error, which seems a reasonable approach. If the DB doesn't flag it...you can always switch to one that is more rigorous in terms of error-checking.