Basically, GroupManager has functionality that allows you to give people access to commands for setting groups and permissions, without giving them op or full access to your server. My suggestion (now that I'm using LP) is that this be implemented here.

How GroupManager does it:
Say I'm in the group "Admin" and I know that the "Owner" group has the * permission aka access to everything. I try to add myself into that group with /manuadd Myself Owner. GroupManager tells me that I cannot modify someone with the same permissions as me or higher. So basically, I cannot modify other admins or owners, head-admin, etc.

But wait, I could give myself the permission for overrides, right? So I try to give myself the groupmanager.op permission, which overrides the inheritance limits (without this permission, I can only add people to groups I inherit, and the people must have fewer permissions than me). When I execute the command to add this permission to my group or myself, it tells me that I cannot give permissions that I don't have myself.

Essentially, this allows you to give staff members access to help you with certain tasks, but does not allow them to grant themselves all the power on the server. Maybe you're on vacation and players are saying they can't auction. Your staff member could check permissions and add new ones if necessary. But they would not be able to add new permissions to themselves and gain more power.

Note: The ONLY flaw I could find in the GroupManager system is that I could add a higher group to my own inheritance list with /mangaddi and then I would inherit its permissions and gain more power. However, this could easily be avoided by not giving the rank access to change inheritance, and as discussed above, they wouldn't be able to give themselves this command.

So in all, I think that certain commands like setting a parent group, adding permissions, etc. should have these limits like in GroupManager. I think that once this is implemented, any possible loopholes (like the inheritance one) should be explained so that server admins know exactly how to set it up so that non-ops cannot use the plugin to give themselves more power.