New enrolment plugins can be made non-deleteable by overwriting the function
public function instance_deleteable($instance)
abstract class enrol_plugin
does call the function in order to decide whether to display the deletion icon.
However, the actual deletion action does not call the function anymore.
Therefore, with a handcrafted URL like
one can still delete the enrolment instance given the capability
FIX: instances.php should also call the function instance_deleteable() before deleting an instance and before asking for confirmation.