Okay, I applied the patch and the situation got worse and turned into a more dangerous one!
lol
I've got these two users:
Before import
UserID: 38647
Username: "Leni"
UserID: 260394
Username: "Leni"
[ATTACH=full]178855[/ATTACH]
The second user is fake and trying to appear as the original user.
This is what happened after applying the patch and import
After Import:
UserID: 38647
Username: "Leni"
UserID: 260394
Username: "Leni"
[ATTACH=full]178854[/ATTACH]
As you can see, It trimmed out the &#XXX characters and made both usernames exact same. 
Is that even possible to have same name users in DB?
That would become a major security bug, wouldn't it?