Here's a copy of the section (6.14) in the Java Programmers FAQ that explains why private protected was dropped:
It first appeared in JDK 1.0 FCS (it had not been in the betas). Then it was removed in JDK 1.0.1. It was an ugly hack syntax-wise, and it didn't fit consistently with the other access modifiers. It never worked properly: in the versions of the JDK before it was removed, calls to private protected methods were not dynamically bound, as they should have been. It added very little capability to the language. It's always a bad idea to reuse existing keywords with a different meaning. Using two of them together only compounds the sin.

The official story is that it was a bug. That's not the full story. Private protected was put in because it was championed by a strong advocate. It was pulled out when he was overruled by popular acclamation.

Personally, I think it was unnecessary and would not really be a good thing, for the reason explained in the mystical fifth level of visibility in Java: Classes inside the same package are written by you yourself or people you should be intensively communicating with. Protecting yourself against your own stupidity is not a compiler's job.