For v5 no, that would be a breaking change and we are in the RC phase. V6 I’m not sure.
I’ve not tested do any customization on this but I do know the permissions system and the deeper non-documented scopes system are very complex.
If a user can’t be trusted to create users properly I would give that permission at all. What’s your use case?