User=0day considered harmful in systemd
Posted Jul 13, 2017 19:23 UTC (Thu) by davidstrauss (guest, #85867)
In reply to: User=0day considered harmful in systemd by edeloget
Parent article: User=0day considered harmful in systemd
No, you do not if an attacker can trigger a systems management tool that provisions a user. This applies to web hosts, SaaS vendors, universities with self-enrollment tools, and anyone else who allows low-privilege users to trigger user provisioning. Moreover, a user often has some control of the user they've caused to be provisioned, making a service running under that user all the more vulnerable.
Additionally, if you do rely on something like LDAP for users (which I think is not a good design for system users), users can get created by anyone with control of LDAP -- directly or indirectly in the sense of self-registration.