I guess I'll be the devil's advocate. I see no privacy issues in handing over a list of already public information You could deny it for practical reasons though, if you simply could not be bothered to scrape/export such a list yourself. Denying or allowing won't stop anyone from obtaining the list. If users were concerned about their usernames being public, they shouldn't have submitted them publicly. Public information is public, deal with it and stop being so paranoid, they're gonna get you anyway. ;)
