If a moderator has a permission to disapprove posts in a forum, he can remove absolutely any posts in that forum.
It is because the current trash bin system uses approval/disapproval functions. So the "disapprove post" feature lets a moderator remove any posts if he has the permission "Can approve and restore posts".

That moderator also has full access to the forum's trash bin and can delete and restore posts from there.

I think that any permanent post deletions should be forbidden if the moderator does not have the permission "Can permanently delete posts".

The fix here simply makes some links hidden, but does not remove the possibility.