Currently, to run DBCC SHOW_STATISTICS on a table, you need to be the table owner, or you need ALTER or CONTROL permission on the table (db_owner or db_ddladmin). This is very unfortunate when you run a linked server, and the account on the linked server is a low-priv account. The source cannot retrieve the statistics of the remote tables in this case, which can lead to veritable performance distasteras.
It is very difficult to see why extra permissions should be required to view data that I already have access to. That is, if I have SELECT permission on the table and the columns in the statistics, there is no security reason why I should be able to view the statistics.
For a plain user that accesses the database directly through Mgmt Studio, this is not a big deal, but in the case of linked servers it *is* a big deal.