Anyone find this a bit alarming?


cheat-master30
06-12-2008, 08:49 PM
That when a moderator tries to ban an uneditable user, they get this rather scary message saying exactly where it's been set that the user cannot be edited?

Sorry, this user is protected from being altered in the config.php file by the $config['SpecialUsers']['undeletableusers'] variable.

Doesn't that mean that any hacker who tried to ban an administrator at a vBulletin forum now knows exactly where to go to remove the 'uneditable' protection from the user so said user can be banned?

Opserty
06-12-2008, 09:41 PM
Well, if they can get there, surely you have more problems than just a user being uneditable?

Also would you really be giving moderator permissions to a potential hacker? (Granted you might not completely know the person but you would have a pretty good understanding of them)

cheat-master30
06-12-2008, 10:17 PM
No, but if they say... hacked a mod account, then they'd know exactly where to edit the information.

Opserty
06-12-2008, 10:26 PM
What I'm trying to say is that they aren't really stupid if they have gotten thus far. They would at least have some knowledge of vBulletin; it is completely viewable, so even with an illegal version you will easily be able to find configuration information.

They are going to know where it is before they have even got into a vBulletin installation.

For example, let's say someone was to rob a bank... Then when they break into the bank, the bank manager tells them where the vault is. Regardless of whether he told them or not, the thieves already have the blueprints of the bank, so it wouldn't take them long to find it. Either way the thieves know where the cash is...

Basically, if someone has got that far you're pretty much screwed anyway regardless of whether the intruder has been told that information...

King Kovifor
06-12-2008, 10:59 PM
The only way for them to even edit the information would be to hack into an FTP account that has access to /forum_dir/includes/...