Perhaps it may be best to require entry of the droplet name into the confirmation modal for both destroy and rebuild.
I've recently made the mistake of destroying the wrong droplet during hasty dev, preparing and validating automation of deployments from images.
Another suggested displaying the droplet name in the confirmation modal and that would help but I feel it may also go ignored. The practicality of having the end user regurgitate the proper droplet name seams to me the best way to insure realization of their action.
Another suggested password entry into the confirmation modal. I see that as a solution to an alternate issue but I question the necessity if the user follows the best practice of logging out when away from their device. I wouldn't consider it a solution to deletion of the wrong droplet.