In all decent security schemes, user names are assumed to be public knowledge, what actually protects accounts are good and secure passwords.
That said, whether user names on a given server public or not depends a lot not only on how secure the server is, but also on the security of the used clients. Every compromised client will at least make one user name public.
That said, whether user names on a given server public or not depends a lot not only on how secure the server is, but also on the security of the used clients. Every compromised client will at least make one user name public.