I've implemented the ability to define roles that cannot be deleted from the ui in this change set, so it is in the repository now. You can see my implementation by viewing the change set.
Note that I implemented it in a more simple way that works with all supported databases and does not require any sql changes.
Also I want to point out that your approach of concatenating a sql fragment and passing it in as a parameter is something I would avoid doing. While in this case it would not be dangerous because you were concatenating values from the config file and not user input, if someone uses a similar pattern with user input they would be writing code that is vulnerable to sql injection. So I would not want code examples like that in mojoPortal because others might copy that pattern and use it in more dangerous scenarios. In general use of parameters protects us from sql injection attacks but that is only true in the case where we are comparing a parameter to another value like a column value or another parameter, the way you used it in your example is not protected by the use of parameters but its the kind of thing where someone might incorrectly think it was safe since they used a parameter.