These users can still be instantiated, as would happen if there is no security and an anonymous user triggers a build -- the anonymous user would correctly be created and added to the User list. This fix merely prevents the saving of that user, and therefore prevents them from logging in.

There may be some plugins which trigger a build as the SYSTEM user, and that is not prohibited here.

Also prevent full names of 'anonymous', 'system' or 'uknown'. As discussed on SECURITY-166 this may encumber auditing since full names are used in most places in the UI