    Instead of referring to user folder by its ZMI-visible username (acl_users) · ca33bdd3
    Chris McDonough authored
    when attempting to get a list of users, use the __allow_groups__ alias.
    This doesn't break anything as it is one of the (unwritten) contracts
    of a user folder to install itself as __allow_groups__ in its container
    (it is canonized in the manage_beforeDelete and manage_afterAdd methods
    of BasicUserFolder, and the traversal machinery refers to a user folder
    by its __allow_groups__ alias exclusively).
    
    It's actually likely that all code in Zope's security machinery that directly
    refers to a user folder by its 'acl_users' alias in this way is wrong.
    
    Referring to the user folder by its __allow_groups__ alias in the security
    machinery exclusively gives us the ability to insert a "proxy" object that
    can act as an intermediary for a "real" UserFolder object, allowing us to
    massage the output from its interface methods as necessary to allow for
    grouping and other tricks.
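The effect the commit message describes, as an added example that is not code from this commit or from Zope: a lookup through `acl_users` bypasses a proxy installed as `__allow_groups__`, so the two code paths see different principals. The classes are stand-ins; `GroupingProxy`, `Container.add_user_folder` and the `group:` prefix are assumptions made for illustration.

```python
class UserFolder:
    """Stand-in for a real user folder (assumption, not Zope's class)."""

    def __init__(self, names):
        self._names = list(names)

    def getUserNames(self):
        return list(self._names)


class GroupingProxy:
    """Hypothetical proxy that wraps a user folder and adds group principals."""

    def __init__(self, real, groups):
        self._real = real
        self._groups = list(groups)

    def getUserNames(self):
        # Massage the wrapped folder's output: append group names.
        return self._real.getUserNames() + ["group:" + g for g in self._groups]


class Container:
    """Stand-in for a folder that contains a user folder."""

    def add_user_folder(self, uf):
        # The contract from the commit message: the user folder is reachable
        # as acl_users and also installs itself as __allow_groups__.
        self.acl_users = uf
        self.__allow_groups__ = uf


def names_via_acl_users(container):
    # Lookup style the commit moves away from: tied to the visible name.
    return container.acl_users.getUserNames()


def names_via_allow_groups(container):
    # Lookup style the commit adopts: whatever is installed under the alias.
    return container.__allow_groups__.getUserNames()


def demo():
    c = Container()
    c.add_user_folder(UserFolder(["alice", "bob"]))  # constructed sample users
    # Install the proxy under the alias only; acl_users still names the real folder.
    c.__allow_groups__ = GroupingProxy(c.acl_users, ["editors"])
    return names_via_acl_users(c), names_via_allow_groups(c)
```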
Role.py 19.2 KB