Index: wp-includes/capabilities.php
===================================================================
--- wp-includes/capabilities.php	(revision 19626)
+++ wp-includes/capabilities.php	(working copy)
@@ -939,6 +939,11 @@
 		// Allow user to edit itself
 		if ( isset( $args[0] ) && $user_id == $args[0] )
 			break;
+		// Don't allow user to edit a protected user, if the first is not protected too.
+		if ( isset( $args[0] ) && ( user_can( $args[0], 'self_protect' ) && ! user_can( $user_id, 'self_protect' ) ) ) {
+			$caps[] = 'do_not_allow';
+			break;
+		}
 		// Fall through
 	case 'edit_users':
 		// If multisite these caps are allowed only for super admins.
@@ -1142,6 +1147,16 @@
 		}
 		// Fall through if not DISALLOW_UNFILTERED_HTML
 	case 'delete_user':
+		// Don't allow user to delete itself (just in case)
+		if ( isset( $args[0] ) && $user_id == $args[0] ) {
+			$caps[] = 'do_not_allow';
+			break;
+		}
+		// Don't allow user to delete a protected user, if the first is not protected too.
+		if ( isset( $args[0] ) && ( user_can( $args[0], 'self_protect' ) && ! user_can( $user_id, 'self_protect' ) ) ) {
+			$caps[] = 'do_not_allow';
+			break;
+		}
 	case 'delete_users':
 		// If multisite these caps are allowed only for super admins.
 		if ( is_multisite() && !is_super_admin( $user_id ) ) {