Major Description
today all users except the admin can be disabled preventing it from login. however, this is not sensible for the anonymous user. if anonymous access should not be possible it is recommended to use the corresponding configuration option that doesn't install the anonymous user in the first place.
for full backwards compatibility we should have consider placing this behind a configuration option such that consumers can opt out (and still disable the anonymous) if they really want.