From an admin or implementor's viewpoint, he will like that the user should not be able to make such changes which can put the database at risk, or lead to various support issues, or inconsistencies in data.
From that perspective, can you suggest a few permissions NOT to be given to the users. I have already identified 2 which I have mentioned in my question.
Also a third may be to remove permission for adding or removing an add-on..