Okay, a bit of background, so feel free to let your attention wonder for a moment if you already know this. OpenSocial has it set up that when a DataRequest returns, it passes a DataResponse object to the callback function. That DataResponse object is an object bundle made up of ResponseItem objects, that are responses to the individual Requests that made up the original DataRequest.
The DataResponse object has an hadError function which will tell you if there was an error with one (or more) of the ResponseItems. But the ResponseItems are still present, since it's only there that you can determine what the error is, through the getErrorMessage and getErrorCode functions. This is done to handle multiple errors from multiple Requests bundled in the original DataRequest.
That's why you still get a ResponseItem object from a VIEWER request even if the VIEWER does not have the App installed. If you investigate it further (you can check this in the debugger), getErrorMessage from the VIEWER ResponseItem will have an "Authorization Error" I believe (or something similar).