If usernames need to be unique, but are not email addresses, protect your sign-up page with some sort of CAPTCHA. This will make it difficult for an attacker to mine username information with a script.
