As for login credentials, it’s uniqueness from the point of view of the network is dependent on Username, PIN and Password combined. You and I can both use the login username “Seneca” just fine, as long as our PIN and/or Password are different we will get different passports (which contain our actual network identities). The network doesn’t even receive our username (nor PIN or password), they stay local.
As I understand it, the public name registration mechanism is a separate system from logging in. Some sort of system preventing mass registration is definitely needed there. There was a thread about it a long time ago, including solutions, I’ll see if I can find it.