I think the feature should be removed. One particular customer of yours is using it to break privacy, and post as another user to make it look like he hasn't banned him.
And what would stop an admin from logging into MySQL and updating the password hash of said user and doing the same thing? In all honesty I believe this feature is a good one to have as it allows the admin to perform tasks as a user, should it be resetting things on their behalf (as we don't have the ability to reset passwords in the CP at the present time) or to validate abuse claims of users.