Even in 2013 we cannot restrict deactivate privilege using security roles. Here is a
workaround described for CRM 2011 but similar solution would work for CRM 2013 as well.
Consider posting this suggestion to microsoft at https://connect.microsoft.com/
If my response helps you in finding your answer then please click 'Mark as Answer' and 'Vote as Helpful'