When removing a defunct user account, the safe move is to delete and merge; alternately, you can just obfuscate the account's email and password.
Kevin Mitnick's book on hacking / social engineering shows its age, and isn't of much use in understanding today's security picture.
HB Gary made a number of simple mistakes that led to a major hack. Those mistakes are all too common, in every organization.
As I was saying … today’s comic from xkcd: