Guest user can export WebForm portlet data

EdG June 25, 2012 at 5:02 PM

Slated for inclusion in 6.1.1 CE GA2

Sophia.Zhang June 6, 2012 at 2:49 AM

PASSED Manual Testing following the steps in Samuel's comment.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.1.10 EE GA1.

After 5) user can save the form's data as a CSV file.
After 8) "Export Data" button is not shown because the current data has been deleted in step 6.

Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.0.x GIT ID: c51d8399f6f9ad39ba0eaea7e6b659c23978069e.
Plugins 6.0.x GIT ID: c926bee8476aa4f63aefe874024c170160a61a85.
Tomcat 7.0 + MySQL 5. Portal 6.1.x.EE GIT ID: c51d8399f6f9ad39ba0eaea7e6b659c23978069e.
Plugins 6.1.x.EE GIT ID: 5a26b4810f315ef584158543b01f03aca29c085e.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 2dd4e6bc237b042fe42c1bc245419cab83c0f38f.
Plugins 6.2.x GIT ID: ba44dcf5da9477a9cd26d57049e3eb3319fd41c1.

After 5) user will get a blank page.
After 8) Button Export and Delete are still there.

Besides, I tried to add a user with/without configuration Web Form portlet permission, then execute step 5) and 6),
only users who have the CONFIGURATION permission for the Web Form portlet instance will be able to export and delete data.

Specific steps:
1. Add a user.
2. Assign it to liferay.com site.
3. Sign in as an administrator
4. Add the Web Form portlet to the /web/guest/home page.
5. Fill in the form with some values and click "Send" to submit the form.
6. Logout as admin, login as the user.
7. Go to http://localhost:8080/web/guest/home?p_p_id=1_WAR_webformportlet_INSTANCE_XXXX&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view&p_p_cacheability=cacheLevelPage&_1_WAR_webformportlet_INSTANCE_XXXX_cmd=export
Replace XXXX with your web form instance ID.
8. Go to http://localhost:8080/web/guest/home?p_auth=YYYY&p_p_id=1_WAR_webformportlet_INSTANCE_XXXX&p_p_lifecycle=1&p_p_state=pop_up&p_p_mode=view&_1_WAR_webformportlet_INSTANCE_XXXX_javax.portlet.action=deleteData
Replace XXXX with your web form instance ID and YYYY with your current auth token (p_auth can be from page source).
9. Sign in as an administrator.
10. Go to the portlet's configuration window to check the Export and Delete button.

Before fix, the user could export and delete data.

11. Add a role, define with configuration web form permission.
12. Assign the role to the user.
13. Then assign the role to the user.
Repeat 6 to 10.

After fix, the user who has the CONFIGURATION permission for the Web Form portlet instance will be able to export and delete data.

Sophia.Zhang June 5, 2012 at 11:15 PM

Correction about Samuel's comment.
Step 6) should be:
6) Go to http://localhost:8080/web/guest/home?p_auth=YYYY&p_p_id=1_WAR_webformportlet_INSTANCE_XXXX&p_p_lifecycle=1&p_p_state=pop_up&p_p_mode=view&_1_WAR_webformportlet_INSTANCE_XXXX_javax.portlet.action=deleteData
Replace XXXX with your web form instance ID and YYYY with your current auth token (p_auth can be from page source).

Samuel Kong May 30, 2012 at 10:40 PM

Test steps
1) Sign in as an administrator
2) Add the Web Form portlet to the /web/guest/home page.
3) Fill in the form with some values and click "Send" to submit the form.
4) Logout
5) Go to http://localhost:8080/web/guest/home?p_p_id=1_WAR_webformportlet_INSTANCE_XXXX&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view&p_p_cacheability=cacheLevelPage&_1_WAR_webformportlet_INSTANCE_XXXX_cmd=export
Replace XXXX with your web form instance ID.

Observe that you can save the form's data as a CSV file.

6) Go to http://localhost/web/guest/home?p_auth=YYYY&p_p_id=1_WAR_webformportlet_INSTANCE_XXXX&p_p_lifecycle=1&p_p_state=pop_up&p_p_mode=view&_1_WAR_webformportlet_INSTANCE_XXXX_javax.portlet.action=deleteData
Replace XXXX with your web form instance ID and YYYY with your current auth token.

7) Sign in as an administrator.
8) Go to the portlet's configuration window.

Note that the "Export Data" button is not shown because the current data has been deleted in step 6.

After this fix, only users who have the CONFIGURATION permission for the Web Form portlet instance will be able to export and delete data.
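
The behaviour described in the test steps above, as an added example that is not Liferay's code or part of any comment on this ticket: a simplified model of a handler-side gate that recognises the two privileged Web Form requests from their URL parameters and requires CONFIGURATION before serving them. The function names, the instance ID `AbC1` and the token `tok123` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs in the shape used in the test steps (instance ID and token are made up).
BASE = "http://localhost:8080/web/guest/home?p_p_id=1_WAR_webformportlet_INSTANCE_AbC1"
EXPORT_URL = (BASE + "&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view"
              "&p_p_cacheability=cacheLevelPage"
              "&_1_WAR_webformportlet_INSTANCE_AbC1_cmd=export")
DELETE_URL = (BASE + "&p_auth=tok123&p_p_lifecycle=1&p_p_state=pop_up&p_p_mode=view"
              "&_1_WAR_webformportlet_INSTANCE_AbC1_javax.portlet.action=deleteData")

# Privileged operations named in the ticket: (lifecycle, parameter name, value) -> operation
PRIVILEGED = {
    ("2", "cmd", "export"): "export",                       # resource request
    ("1", "javax.portlet.action", "deleteData"): "delete",  # action request
}
REQUIRED = "CONFIGURATION"  # permission the fix requires, per the ticket


def privileged_op(url):
    """Return 'export', 'delete' or None for a portlet request URL."""
    q = {k: v[-1] for k, v in parse_qs(urlsplit(url).query).items()}
    portlet_id = q.get("p_p_id", "")
    if "webformportlet" not in portlet_id:
        return None
    ns = "_%s_" % portlet_id  # portlet parameters carry the _<p_p_id>_ prefix
    for (lifecycle, name, value), op in PRIVILEGED.items():
        if q.get("p_p_lifecycle") == lifecycle and q.get(ns + name) == value:
            return op
    return None


def authorize(url, permissions, enforce=True):
    """Model of the gate; enforce=False reproduces the pre-fix behaviour."""
    op = privileged_op(url)
    if op is None:
        return "unprivileged"  # not an export or delete request
    if enforce and REQUIRED not in permissions:
        return "denied"        # hiding the buttons in the UI is not the check
    return op


if __name__ == "__main__":
    for who, perms in (("guest", set()), ("configurer", {"CONFIGURATION"})):
        for url in (EXPORT_URL, DELETE_URL):
            print(who, privileged_op(url), "->", authorize(url, perms))
```

The point of the model is that the decision is made on the request itself, for both the resource (export) and action (delete) lifecycles, regardless of whether the configuration window ever rendered the buttons for that user.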

Fixed
Details

Assignee

Reporter

Branch Version/s

6.1.x
6.0.x

Backported to Branch

Committed

Fix Priority

4

Priority

Zendesk Support

Created May 11, 2012 at 7:56 AM
Updated June 24, 2023 at 3:55 PM
Resolved August 6, 2012 at 11:12 PM