GNOME Bugzilla – Bug 343206
gdmsetup: no error message when user rejected because uid below MinimalUID
Last modified: 2006-12-07 20:14:32 UTC
That bug has been described on https://launchpad.net/distros/ubuntu/+source/gdm/+bug/44702 "In gdmsetup, if a user is entered in the Security tab's options, there is no error message if gdmsetup rejects (and does not save) the selection --- for instance, if the user does not exist or has uid<minuid. Users ought to receive an error message before their work / choice is ignored."
When I enter user "blah" into the "Add User" field I get a pop-up that says "Cannot add user - The "blah" user does not exist". It would be nice if it popped up a similar warning message letting you know if you enter a userid below MinimalUID value. It would also be nice if the Users tab allowed you to set MinimalUID (perhaps with a spinbutton entry widget) since it is impossible to get the root userid (or any userid below 100 by default) to appear in the FaceBrowser and Automatic/Timed dropdown list in the Security tab without lowering this value. I would happily accept a patch to make this work better.
This will be fixed in conjunction with Bug #334186. One question though. Atm the MinimalUID spinbutton is in the users tab, and prevents adding users to the include list only (presumably exclude list should not have such a restriction). Do we still need separate entry for the security tab? Or will the warning message be sufficient? Actually I had another idea. I will move the MinimalUID from Users to Security, and provide warning messages for both scenarios (Security add user and Users include list). How does that sound?
Yes, the MinimalUID restriction only applies to Include, not to Exclude. Also, we should verify that it is possible to turn on the "root" user in the face browser if the MinimalUID is set to a low enough value. There should only be one entry for MinimalUID in gdmsetup. The suggestion was that it should go on the Security tab since changing this value affects the security of the machine. However, it might make more sense for this configuration choice to be in the "Users" tab since it affects how you can set Include. Perhaps it would be good to add some text to the Users tab explaining that turning on the Face Browser adds some security concerns? Note paragraph 2 in section 2.9 of the GDM documentation, which explains the issue that might be nice to explain in the gdmsetup dialog directly. http://www.gnome.org/projects/gdm/docs/2.16/overview.html Perhaps a section in the "Security" section 3 of the docs should be added to highlight that the Face Browser does add some security concerns. Want to add such docs as you make this change? What do you think? There are probably other options in gdmsetup that affect security that could use better labels explaining that the user should be careful changing the values. Currently none of the options on the Security tab have such labels.
That's what I thought :) MinimalUID widget supports ranges from 0-50000 that should allow root to be in the include list. I initially put MinimalUID in the users but then I moved it to security tab as it can have serious implications if misconfigured. Atm there is a block of code in the main function which looks at the Include list, checks if each of the users exist and if their uid >= MinimalUID. If not the users are removed and the corrected list is saved and subsequently used. (This is done just after Include list has been read.) This should prevent use of misconfigured include lists in gdmsetup. Also what I'm planning to do is to remove already existing users from include list when MinimalUID is changed and their uid does not match the criteria anymore (this should make sure that if the user is added and the MinimalUID is changed that user will not be saved in the include list). As for the documentation yup it will try to add some description highlighting possible security risks (maybe a tooltip).
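The Include-list check described in the comment above, sketched as an added example (not gdmsetup's code and not posted by anyone in this report). All function and type names are hypothetical, and the account table is constructed so the result does not depend on the host; it assumes a comma-separated Include list.

```c
#include <string.h>
#include <sys/types.h>

/* Why a candidate Include entry is accepted or rejected (hypothetical names). */
enum inc_status { INC_OK, INC_NO_SUCH_USER, INC_BELOW_MINUID };

/* Lookup hook: returns 0 and fills *uid when the user exists, -1 otherwise.
 * In real use this would wrap getpwnam(3). */
typedef int (*uid_lookup_fn)(const char *name, uid_t *uid);

/* Constructed sample accounts so the example behaves the same on any host. */
int lookup_sample(const char *name, uid_t *uid) {
    static const struct { const char *name; uid_t uid; } db[] = {
        {"root", 0}, {"daemon", 1}, {"alice", 1000}, {"bob", 1001} };
    for (size_t i = 0; i < sizeof db / sizeof db[0]; i++)
        if (strcmp(db[i].name, name) == 0) { *uid = db[i].uid; return 0; }
    return -1;
}

/* Classify one entry; the UI can show a distinct message per non-OK status
 * instead of silently ignoring the selection. */
enum inc_status check_include_user(const char *name, uid_t minimal_uid,
                                   uid_lookup_fn lookup) {
    uid_t uid;
    if (lookup(name, &uid) != 0) return INC_NO_SUCH_USER;
    return uid < minimal_uid ? INC_BELOW_MINUID : INC_OK;
}

/* Prune a comma-separated Include list in place. Returns how many entries were
 * dropped, so the caller can warn or ask for confirmation before saving. */
int prune_include_list(char *list, uid_t minimal_uid, uid_lookup_fn lookup) {
    char name[64], *in = list, *out = list;
    int dropped = 0;
    while (*in != '\0') {
        size_t n = strcspn(in, ",");            /* length of current entry */
        char *next = in + n + (in[n] == ',');   /* skip the separator */
        int ok = 0;
        if (n > 0 && n < sizeof name) {
            memcpy(name, in, n); name[n] = '\0';
            ok = check_include_user(name, minimal_uid, lookup) == INC_OK;
        }
        if (ok) {                               /* keep: compact toward the front */
            if (out != list) *out++ = ',';
            memmove(out, in, n); out += n;
        } else if (n > 0) dropped++;            /* unknown, low uid or over-long */
        in = next;
    }
    *out = '\0';
    return dropped;
}
```

A non-zero return value is the point at which a warning or confirmation dialog would be shown before the pruned list is written back.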
Sounds good. If you fix this bug as a part of fixing 334186, please mark this bug as a duplicate. If we are going to modify the Include items on the fly when the user changes MinimalUID, then we might want to pop-up a confirmation dialog saying "changing the value will cause some users to be removed from the Include list. Are you sure you want to do this?" or similar. Do you think this would be better than just changing it and possibly erasing users the user didn't mean to?
Fixed in CVS head.