similar/duplicate modules

PP sanitizes the Administer users permission for users who have Administer users but not Administer permissions ("deputy admins"). Users without the former pose no risk, and users with the latter are all-powerful anyway.

see administerusersbyrole, D6 & D7

Deputy admins cannot assign or remove roles that carry security-relevant permissions, which they don't hold themselves.

see role delegation, D6 & D7

In addition, deputy admins cannot edit user names, email addresses, nor passwords of accounts that hold security-relevant permissions, which they don't have themselves, nor can they cancel/block/unblock any such accounts (directly or through bulk operations). This ensures that deputy admins (or someone who stole such an account) cannot obtain additional permissions or disrupt the operation of a site through hacking.

userprotect module does this and more, D6 & D7

The new Administer user settings permission governs access to the admin/config/people/accounts pages. Access to these pages is not required for daily operation.
One setting on the admin/config/people/accounts/settings page, the Administrator role selection, carries a much higher security risk than all the others. We think this selection should be restricted to the Administer permissions permission, and we consider this to be a bug in D7. The Fix Core module for D7 has a fix for this.

as mentioned, Fix Core handles this, for D7 (and D6 probably too)

PP considers only permissions that are marked as having security implications, in core or contrib.

The optional new Administer safe permissions permission allows you to grant selected deputy admins access to a sanitized permissions page (with all permissions grayed out that have security implications), so that they can add or remove non-security-relevant permissions to/from any role and learn how use that page.
The optional new Administer own permissions permission works like the Administer safe permissions, but it makes a different subset of permissions available: those that the user himself holds, including the (restricted) Administer users permission, but excluding the two new Administer xyz permissions permissions.
Either of the last two permissions allows creating and deleting roles, as long as these roles do not carry inaccessible permissions. They can be granted separately or together.
The PP module protects itself against being disabled by anyone but user 1 and users holding the core administrator role.

this ones are about removing control from admins. when giving permissions to change permissions in the system, it's obvious we have to trust the user. i haven't had an use case where a lower admin needs permissions to change core configurations in drupal or the permissions.

there's quite a lot of overlap here