User=0day considered harmful in systemd

I guess this only applies to systems, where an unprivileged user has the ability to create other unprivileged users. This could be possible by a suid executable that only allows to add new users, but not to execute arbitrary code. Of course it has to be carefully checked that this executable works as intended (as with all suid executables).

I am sure there are such systems out there, even if it is not the default configuration.