Description
I'm administering a wiki where we would like to keep the names of users confidential (unless the users choose to edit pages). For the most part this works fine, but there is a vulnerability where people can use autocomplete on User data to find names of users. I had been thinking of creating an extension with a subclass of that type where autocomplete only worked for certain trusted groups of users, but I noticed this note in the struct source code:
@todo should we have any security mechanism? Currently everybody can look up users
If I created a pull request adding a config to restrict user-lookup to certain users or groups, would this be of interest?
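As an added illustration (not code from the issue author or from the wiki software being discussed), the sketch below shows the shape of the restriction proposed above: an autocomplete lookup that is only answered for requesters in a configured set of groups, with a minimum prefix length and a result cap so that even permitted callers cannot dump the whole user list in one query. The user table, the group names and the config name `USER_LOOKUP_GROUPS` are constructed for this example; the real extension would read its own config and query its own user store.

```python
"""Group-gated username autocomplete (added example, not the wiki's own code).

Assumptions, all constructed for this illustration: a small in-memory user
table, a requester carrying a set of groups, and a config value naming the
groups that are allowed to look up other users (the kind of config the
issue proposes adding).
"""
from dataclasses import dataclass, field

# Constructed sample directory; a real wiki would query its user table.
USERS = ["alice", "alan", "bob", "carol", "sysop_dan"]

# Hypothetical config: only members of these groups may enumerate user names.
USER_LOOKUP_GROUPS = {"sysop", "bureaucrat"}

MIN_PREFIX = 2    # a one-character prefix would enumerate nearly everyone
MAX_RESULTS = 5   # cap so an allowed caller still cannot dump the directory at once


@dataclass
class Requester:
    name: str
    groups: set = field(default_factory=set)


class LookupDenied(Exception):
    """Raised when a caller outside the allowed groups asks for completions."""


def may_lookup_users(requester, allowed_groups=USER_LOOKUP_GROUPS):
    """Authorisation check: True only if the requester holds an allowed group."""
    return bool(requester.groups & allowed_groups)


def autocomplete_users(prefix, requester, users=USERS,
                       allowed_groups=USER_LOOKUP_GROUPS):
    """Return user names starting with `prefix`, but only for authorised callers.

    Denial is explicit (an exception the endpoint would map to a 403) rather
    than an empty list, so an unauthorised caller learns nothing from whether
    a given prefix matched anyone.
    """
    if not may_lookup_users(requester, allowed_groups):
        raise LookupDenied(
            "user lookup restricted to: " + ", ".join(sorted(allowed_groups)))
    prefix = prefix.strip().lower()
    if len(prefix) < MIN_PREFIX:
        return []
    matches = sorted(u for u in users if u.lower().startswith(prefix))
    return matches[:MAX_RESULTS]


if __name__ == "__main__":
    admin = Requester("dan", {"sysop"})
    print(autocomplete_users("al", admin))   # ['alan', 'alice']
    try:
        autocomplete_users("al", Requester("eve", {"user"}))
    except LookupDenied as err:
        print("denied:", err)
```

The check sits in front of the lookup itself rather than in the UI widget, so a caller who bypasses the form and calls the completion endpoint directly is subject to the same group test.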