Assuming the pairing request from central to peripheral looks like this:
Then the pairining would use Secure Connection, but with the Authentication Method "Just Works" because of the IO-Capabilites of the initiating device.
My question is: Can this connection still be considered Mode 1 Level 4 aka. SCO?
Found the answer:
According to this table, when at least one device has the MitM-bit set, neither of them has the OOB bit set and the initiating device has NoInputNoOutput as its IO-capabilites, then JustWorks Unauthenticated will be used. This means, that it is not an authenticated pairing, therefore it does not fulfilll the requirements for being mode 1 level 4 and the state of being can not be called "Secure Connections Only Mode"