Bureaucrats should be able to rename users to a globally-reserved (ie unified) name /only/ if the accounts belong to the same person. This should use the same logic as merging accounts (Checks password and/or email, IIRC. Change summary as required to fit what it actually does.). In cases where that logic would require the user to enter a password, the rename should be aborted. This ensures that 'crats never unknowingly give the account to someone else.
(Better would be the user is actually asked for the password on their next pageview - if successful, 'crat is notified the rename went through; if unsuccessful the rename is aborted and the 'crat is notified of this. But that is probably very difficult.)