Numerous recent changes to the ACL command line switches allow specification of quotas such as --max-connections and --max-queues-per-user. These switches are unrelated (mostly) to ACLs. Requiring the ACL module to be loaded and an ACL rule file to be specified just to get the command line switches for quotas seems awkward.
This jira proposes to build the ACL code directly into the broker so that it is always present. Note that the Windows broker already has the ACL code built-in; QPID-1842 discusses the reasoning why.
Users may still 'have no ACLs' by not specifying a rule file.