Well techically, you can't prevent user from doing anything unless you deny him right to modify the INI file or registry. It is out of scope of WinSCP, you should use features of operating system (file system).
But anyway, WinSCP3 has "hidden" feature, which might help you: Each stored session has additional configuration parameter "Special", which does two things. First: it highlights the session in the list. Second: it prevents user from modifing the session parameters. Note, that user can add new session, which includes possibility, that he loads the special session, modify its options and saves it under new name.
How to include the 'special' option:
For registry:
[HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\My Special Session]
"Special"=dword:00000001
For ini file:
[Sessions\My Special Session]
Special=1
Note that WinSCP3 uses INI file winscp3.ini, but registry key "WinSCP 2".
Resume: If your purpose is to prevent user from accidentaly changing session options, this feature is right one for you. If you want to prevent user from changing anything, you must use features of the operating system.
Let me know if this helps.