An email is sent to the user to notify them that their account has been queue'd for deletion - after that it takes 14 days for the deletion to happen, during which time a simple login will cancel the deletion request. So I doubt it's about pranksters. These other controls seem adequate to prevent that type of thing.

The worst case is when someone gets temporary access to your EMAIL credentials. They do a "forgot password" on Facebook, delete your account, then delete the confirmation email. Of course, someone with access to your email can do far worse things than delete your Facebook account.

A million years ago we used to do that to our friends ICQ account.... it got to the point where he started keeping seperate list of all the skanks he was chatting up.