I looked at MDW.close() and looks like it already does that – it opens IW and close it, then diff the files before and after the close – so that idea is not new . That way it protects against e.g. IFD bugs (or bugs elsewhere where you don't decRef() a file or something).
But perhaps we can make MDW lenient by default (assertNoUnreferencedFilesOnClose=false) and turn it on in tests where we'd like to catch IFD bugs? Then in the majority of tests we can code "normally", but in the few tests that need to make sure IW is bullet-proof, we make sure to close things in order?
Another idea I had is to use the newly added checksums to make sure that the file we're about to delete has the checksum that we think it should have. Of course, if you re-index the exact same set of documents in the exact same order, this is still a false positive, but I don't know how common that is. But then, I'm not sure if it's ok to rely on such logic, and perhaps the simplest thing we could do is treat the Directory read-only by IndexReader instances.