For Delegate/Observer-type classes that specify an interface but do not have any particular lifetime requirements, make their destructors protected. This is to allow their interfaces to be implemented safely by RefCounted types. With public destructors, it's possible to do "scoped_ptr<Delegate> foo", and then assign a RefCountedDelegateImpl, which would lead to a double free. As none of these Delegates actually need public destructors (ownership of the Delegate* is not transferred during a function call / class constructor), mark the destructors protected so that it becomes a compile warning to try to delete them via the Delegate*. BUG=123295 TEST=it compiles Review URL: https://chromiumcodereview.appspot.com/10383262 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144086 0039d316-1c4b-4281-b951-d872f2087c98