Both functions (either as method of class user of or as method of class acp_users) in question are defined this way (simplified):
The problem in here is that $data will also evaluate to FALSE if it was handed over nonetheless. Consider a case where I use the $data parameter by giving the value 0 (ordinal zero) or '' (empty string) - this value wouldn't be used, instead
will be used. Which is fatal.
A correct approach would be to test without invoking typecasts:
I submitted this as minor bug because right now no code in phpBB uses the $data parameter, so nothing is affected. Only exception: the STK uses it in /tools/admin/reparse_bbcode.php, but obviously nobody ever had problems with it.