Users are able to change the linked user, but not the supposed fields

If you allow users to edit fields on themselves (e.g. last_name), they are theoretically able to change the linked user. Django will throw an error because django.db.utils.IntegrityError: duplicate key value violates unique constraint "core_person_user_id_key", but this is not an security feature…

Funniest thing about: Users are NOT able to change the configured allowed fields.