In order to help alleviate many of the privacy concerns raised in T21161, there should be a preference to disable auto-creation of accounts with CentralAuth.
To maintain the expectation of privacy, it should probably be set to disable auto-creation as the default.