My request is to be able to mention without requiring to assign the "Browse Users" global permission. JRASERVER-7467 asks to restrict the browse users permission to project users, which would resolve our issue, because then we would be able to assign "Browse Users" global permission to all our customers with no information leakage.
However, JRASERVER-7467 has been parked because it is very difficult to solve. It is difficult to decide exactly which users to show and which users to hide. Therefore, I request to track the mention subproblem separately, because it is much easier to solve: show the users which can browse the issue you are mentioning on - just like JIRA already does.