^ yeah, thats exactly what I was alluding to in that other thread.
Guess it could also be done as a process/job (i.e. without the custom object stuff) - as long as the "type" of user that you are trying to create is well-defined - so the admin-user just submits the job (with a parameter of "user type" or some such) and the backend does all the work.
I've also set up XLS solutions that do a similar thing ; just calls XOG with the relevent XML to create a user based on parameters captured in the XLS - but that was setup really for ease-of-use/consistency rather than for any security reasons.