Unless you setup RCS, your only hope is to recover the files from $saved_dir (see your drraw.conf) from Backup. The drraw index has links to delete graphs and so on, a spider going through these links would nicely do the job. An easy way to protect against this is to require authentication.