Comment 1 for bug 908834

Tres Seaver (tseaver) wrote :

The emergency user is still quite valuable, allowing the site owner to
recover from a catastrophic misconfiguration of the root acl_users folder.

The checks you describe are actually not uselessly redundant: each set
of credentials extracted by the configured plugins is tried first against
the emergency user; at the end, there is also a "default default" check
for basic auth / emergency user (even if no normal basic auth plugin is
configured).

Again, this redundancy is there for "in case of emergency break glass"
cases, which would otherwise make configuring the PAS TTW too risky.
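
A simplified model of the lookup order described in the comment above, added here as an illustration; it is not PluggableAuthService code and not part of the original comment. All names (`EMERGENCY`, `authenticate`, the plugin callables) are hypothetical, the credentials are constructed, and skipping a plugin that raises is an assumption of this model.

```python
import base64
import hmac

EMERGENCY = ("admin-emergency", "constructed-secret")  # constructed sample credentials

def basic_header(login, password):
    """Build a constructed HTTP Basic Authorization header value for the samples."""
    return "Basic " + base64.b64encode(f"{login}:{password}".encode()).decode()

def is_emergency_user(creds):
    """Compare extracted credentials with the emergency user in constant time."""
    login, password = creds.get("login", ""), creds.get("password", "")
    ok_login = hmac.compare_digest(login.encode(), EMERGENCY[0].encode())
    ok_pw = hmac.compare_digest(password.encode(), EMERGENCY[1].encode())
    return ok_login and ok_pw

def basic_auth_extractor(request):
    """Built-in fallback: parse Basic auth even if no such plugin is configured."""
    scheme, _, blob = request.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return {}
    try:
        login, sep, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers malformed base64 and undecodable bytes
        return {}
    return {"login": login, "password": password} if sep else {}

def authenticate(request, extractors, authenticators):
    """Return (user_id, source), or (None, None) when nothing matches."""
    for extract in extractors:
        try:
            creds = extract(request)
        except Exception:
            continue  # assumption: a broken plugin must not block recovery
        if not creds:
            continue
        # Each extracted credential set is tried against the emergency user first.
        if is_emergency_user(creds):
            return EMERGENCY[0], "emergency"
        for auth in authenticators:
            user_id = auth(creds)
            if user_id:
                return user_id, "plugin"
    # The "default default" check: Basic auth against the emergency user only.
    creds = basic_auth_extractor(request)
    if creds and is_emergency_user(creds):
        return EMERGENCY[0], "emergency-fallback"
    return None, None
```

With no plugins configured, or with every plugin failing, the final check is the only path left, which is the "break glass" case the comment describes.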