At the moment we handle tree deletes as if they would be normal deletes regarding the ACLs.
But this is not the Windows behaviour. If you've got there the TREE_DELETE right on the base object and send then the TREE_DELETE control you are able to delete all subobjects fully independently of their security descriptors (beside other checks as system flags and similar which remain).
Source: MS-ADTS 188.8.131.52.5.7
Yeah, that's true. At the time the acl module was created we did not support the delete tree operation. I'll fix it when I have the time.
I'll upload patches for 4.0
Metze says this one is fixed in 4.0.0rc6 (with the patches for bug #8621).
Closing out bug report.