This is an issue to follow up on the good point that micbar brought up in .
In version 7.x-2.0-unstable4 the file_delete function has been replaced with the api function file_delete_multiple, which avoids unwanted validation and usage checking.
If a user has the permission to delete files, we cannot restrain him from deleting files used in nodes. He only gets a notice "(in use)" from the delete confirm form.
Couldn't we add another permission, e.g. "delete files in use" and check file_usage_list if a user doesn't have this permission?