
security issue with autocomplete

14 years 2 months ago #139308 by tekknokrat
security issue with autocomplete was created by tekknokrat
If autocomplete is enabled, every registered user is able to iterate through the list of users, even if user blocking for these groups is enabled. This is a security issue in cases where the username is the same as the email address, e.g. when Joomla is a login portal to external authentication services.

14 years 2 months ago #139311 by slabbi
Replied by slabbi on topic Re:security issue with autocomplete
I disagree.

It is true that all users can be enumerated with the autocomplete feature, but this is not a security issue.

1. You cannot write PMs to users who are blocked by group.

2. A username (or email address like in your example) is always "public". Even when using an external authentication provider you need a password.

If you do not want any "information leakage", I suggest disabling the autocompleter.

uddeIM & uddePF Development
CB Language Workgroup
CB 3rd Party Developer
