added a comment - - edited
I agree with you on the idea of this issue ticket. However, there is a BOINC upstream 'problem' which relates to this. When someone creates an account, they do not choose their displayname/username; instead the BOINC client loads their username from their computer and automatically sets it as their displayname.
When people first login, they may change this display name. However, I think a lot of people simply use the username 'Administrator' or even 'root' on their home computers and then install BOINC.
Any blacklist we devise for our Drupal-BOINC site will only be implemented for changes of the username.
Update: edit to be more clear that users may change their display name.