You can delete the scmanonymous user just fine, but if you delete the scmadmin account, it recreats both scmadmin and scmanonymous when you restart the server. My guess is that this is by design so that you always have at least the one admin account and can't screw yourself out of having access to the server. For example, I use ldap for authentication, so if I deleted the scmadmin account and the ldap configuration changed, I would have no way to login to scm-manager and update the settings. You can of course change scmadmin's password and e-mail address just fine though.
Keep in mind if you delete the scmanonymous user you are not able to use the "Allow Anonymous Access" feature. I think you should keep both users, because the anonymous is not able to use the system if the "Allow Anonymous Access" is disabled and the admin account is as DRayX said good for recovery.
I can not delete both scmadmin and scmanonymous and even can not update their password and email address.
How can I trust that my projects will never expose to public?!