There needs to be a way to deactivate user accounts rather than completing removing. We have users that will no longer have access to the system, but could come back later (for example, trail users)....
Leaving old accounts active (even with reset pw) also represents a security risk. Given recent events, this should be reconsidered for implementation - I can't imagine it would be hard to do.