User enumeration possible by SCRAM

Description

It is trivially possible to test whether a given username exists on the system using SCRAM. While it may be possible to determine this via other means (such as over the wire via XMPP queries, for example), this presents an obvious and difficult-to-detect attack.
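One common server-side mitigation for this class of issue, shown as an added example that is not this project's code or its actual fix: answer the SCRAM first message for unknown usernames with a deterministic decoy salt, so the reply has the same shape as for a real account. The leak mechanism assumed here (an early failure for unknown users), the user store, the secret and all function names are hypothetical.

```python
import base64, hashlib, hmac, os

ITERATIONS = 4096
SALT_LEN = 16
# Constructed sample data: a per-server secret and one provisioned account.
SERVER_SECRET = os.urandom(32)
USERS = {"alice": os.urandom(SALT_LEN)}  # username -> stored salt


def _format(salt, client_nonce):
    """Build a SCRAM server-first-message: r=<nonce>,s=<salt>,i=<count>."""
    nonce = client_nonce + base64.b64encode(os.urandom(18)).decode()
    return f"r={nonce},s={base64.b64encode(salt).decode()},i={ITERATIONS}"


def naive_first_message(user, client_nonce):
    """Assumed leaky behaviour: aborts early when the user is unknown."""
    if user not in USERS:
        return "e=unknown-user"  # simplified: the exchange ends here
    return _format(USERS[user], client_nonce)


def uniform_first_message(user, client_nonce):
    """Returns a well-formed challenge for every username."""
    salt = USERS.get(user)
    if salt is None:
        # Decoy salt: stable across retries, unpredictable without
        # SERVER_SECRET, and the same length as a stored salt.
        mac = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256)
        salt = mac.digest()[:SALT_LEN]
    return _format(salt, client_nonce)


def fields(msg):
    """Split a SCRAM message into its attribute map."""
    return dict(p.split("=", 1) for p in msg.split(","))


def distinguishable(first_message, known, unknown):
    """True if the reply alone separates a real account from a missing one."""
    a1, a2 = (fields(first_message(known, "cn")) for _ in range(2))
    b1, b2 = (fields(first_message(unknown, "cn")) for _ in range(2))
    same_shape = (a1.keys() == b1.keys()
                  and len(a1.get("s", "")) == len(b1.get("s", "")))
    # A stored salt never changes between attempts; the decoy must not either.
    stable = a1.get("s") == a2.get("s") and b1.get("s") == b2.get("s")
    same_iter = a1.get("i") == b1.get("i")
    return not (same_shape and stable and same_iter)
```

The final step of the exchange then has to fail with the same error for an unknown user as for a wrong password, otherwise the distinction simply moves one message later.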

Environment

None

Fixed

Created September 27, 2017 at 8:39 AM
Updated September 28, 2017 at 7:27 AM
Resolved September 28, 2017 at 7:27 AM