You can now prevent users from modifying their profile settings (usernames, emails, passwords, etc.). To do this, create a role without "update profile" permission or revoke that permission from existing roles.
Predefined User and Guest roles have this setting turned on. You will have to enable this for your custom roles yourself as necessary.