PostGuardian.can_delete_post contains a user dereference which crashes when called when there is no user logged in. Calling it from a plugin so maybe this doesn’t happen in core at the moment.
It’s not a problem that there is no user (and “no user” should equal “no permissions”). The problem is that the code assumes there is a user without checking, so it tries to see if “nothing” is in any groups.