Logged In: YES 
user_id=839582

Yes, renaming is really possible. Maybe you have to add an
email address if you use userauditor.py to enforce this.
Admin can also only edit it when supplying an email address.

Viewing the anonymous user shouldn't be a security risk, but
it isn't needed. Maybe someone gives it a special email
address or something. Hiding it doesn't break anything, so
why allow it? Any other user isn't allowed to view
anonymous, too.

To summarize it: I still think the patch is correct.