
Why would you delete all access keys from an account in NEAR protocol?


While testing some code, we deleted all full access keys of some NEAR accounts, and that account looks to be dead now.

We’re just curious why this is not forbidden. Is it useful somehow? It seems it could lead to catastrophic consequences for the user losing control over their account.


Solution

  • While it is not useful and is dangerous for a regular account to get all its access keys deleted, it is a common pattern to create an account, deploy a contract, and remove all the keys from the account to prove that nobody can redeploy the contract anymore.

    You can find a number of examples on NEAR mainnet already, e.g. staking pool contracts are deployed and "locked" this way: staked.poolv1.near. See more details about locked contracts in this answer.

    Accounts in NEAR may hold a contract, so there is no special case for contracts vs regular accounts. If there is no contract and no access keys, it is indeed a dead account, just as an account would be dead if it has public key(s) whose private key/seed phrase is lost.

    The cool thing about NEAR's accounts model is that you could set up a backup key to the same account. All of your assets are attached to the account ID, so you can add new keys without a need to transfer all your assets.

    Basic concepts documentation is a good starting point to learn more about accounts in NEAR.

    The named account model should be quite familiar to anyone who used to work with Web2 apps, where users usually use their usernames as identifiers, and when signing in, the server generates a session token. The NEAR accounts model is almost the same but instead of some random session token, cryptographic keys are used.
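The distinction drawn in the answer above (controlled account, locked contract, dead account) can be checked before a key is deleted. The following is an added example, not code from the original answer or from NEAR: the input shapes follow the NEAR JSON-RPC `view_account` and `view_access_key_list` query results, while the function names, the `intendLock` option and all sample data are assumptions constructed for illustration.

```javascript
// code_hash reported by view_account for an account with no contract deployed
const NO_CONTRACT_HASH = "11111111111111111111111111111111";

// Public keys with FullAccess permission; FunctionCall keys cannot add keys or deploy code.
function fullAccessKeys(keyList) {
  return keyList.keys
    .filter((k) => k.access_key.permission === "FullAccess")
    .map((k) => k.public_key);
}

// Classify an account by its keys and code. "locked-contract" only means that no key
// can redeploy; it says nothing about what the contract's own code is able to do.
function classifyAccount(account, keyList) {
  if (fullAccessKeys(keyList).length > 0) return "controlled";
  return account.code_hash !== NO_CONTRACT_HASH ? "locked-contract" : "dead";
}

// Pre-flight check for a DeleteKey action: refuse to remove the last full access key
// unless the account holds a contract and locking it is the stated intent.
function checkDeleteKey(account, keyList, publicKey, { intendLock = false } = {}) {
  const remaining = fullAccessKeys(keyList).filter((k) => k !== publicKey);
  if (remaining.length > 0) return { ok: true, reason: "another full access key remains" };
  const hasContract = account.code_hash !== NO_CONTRACT_HASH;
  if (hasContract && intendLock) return { ok: true, reason: "locks the deployed contract" };
  return {
    ok: false,
    reason: hasContract ? "would lock the contract; confirm intent" : "would leave a dead account",
  };
}

// Constructed sample data (not real accounts, keys or hashes).
const KEY_A = "ed25519:CONSTRUCTED_KEY_A";
const KEY_B = "ed25519:CONSTRUCTED_KEY_B";
const fnCall = { FunctionCall: { allowance: null, receiver_id: "app.example.near", method_names: [] } };
const userAccount = { amount: "1000", code_hash: NO_CONTRACT_HASH };
const poolAccount = { amount: "1000", code_hash: "CONSTRUCTED_CODE_HASH" };
const oneFullKey = {
  keys: [
    { public_key: KEY_A, access_key: { nonce: 1, permission: "FullAccess" } },
    { public_key: KEY_B, access_key: { nonce: 0, permission: fnCall } },
  ],
};
const noKeys = { keys: [] };

console.log(classifyAccount(userAccount, oneFullKey)); // account with a full access key
console.log(classifyAccount(poolAccount, noKeys));     // contract deployed, all keys removed
console.log(checkDeleteKey(userAccount, oneFullKey, KEY_A));
```
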