I have actually worked on systems where the signup form allowed multiple users to have the same user name, and the log in process consisted of checking for the existence of a (username,password) pair. Needless to say, I regarded this as a major design flaw and fixed it (except for the existing non-unique users). But there is, for all the reasons it shouldn't be done, a situation where the signup form doesn't leak usernames.