I think we should stay focused on the issue of credentials management and not veer off into the management of authorization ids. The term "user" covers both topics. A couple random thoughts:
1) Right now, the DBO can disable an account by dropping its credentials. The DBO may need to disable an account until a security threat is cleared. You don't want the account's data to disappear in this situation.
2) Cascaded drop of an authorization id is a fair-sized project. It implies cascaded DROP SCHEMA. That, in turn, implies implementing cascade semantics for all statements which DROP objects.