Drupal sites can allow users to be deleted or even for users to delete themselves. This can sometimes lead to unexpected situations where anonymous users (i.e. the whole internet) are able to view or edit pages on the site which they otherwise shouldn't be able to see.
For Drupal 6 and possibly Drupal 7: Rather than deleting users, simply block them.
For Drupal 7: be cautious on /admin/config/people/accounts about using the "Cancelling account" option for "Delete the account and make its content belong to the Anonymous user."
An example of problems
For Drupal 6 it's possible to encounter this bug with just Drupal core:
- Grant the "edit own page content" permission to anonymous
- Create a user "tobedeleted" and create a page with "tobedeleted" as the author
- Delete the "tobedeleted" user and note that the node created in step 2 now has Anonymous as the author
- Log out of the site and view the node
- The node can now be edited even though the user is not logged in
When combined with node access modules other situations with similar results can occur if a user is deleted instead of blocked.