It not the first time I’ve come across this issue.
A user has misinterpreted the X on the folder list as a close button, and before you know it, a frantic call is made to IT support to recover a deleted folder.
In nearly all cases where I’ve set up security, I’ve strongly recommended that the delete object functionality is disabled. Some clients want that functionality, and who am I to deny them that? But once they become aware of the issue, they are normally happy to change the permission.