For us it is a requirement that users only see users that have access to their own space. The reasons are information privacy laws for one, but even more so corporate secrets: It might be inadvisable to disclose to employees of company A that an employee of their competitor B also works with us.
I suggest filtering all typeahead fields, lists of users and [[/people/]] to show only those users who have access to spaces which the current user also has access to. That way functionality is not impaired (assigning users who do not have access to an object's space to that object has no effect anyway), but users cannot peek into disjoint spaces (in terms of users).
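The filter proposed above, sketched as an added example that is not part of the original request and not the project's own code. The space names, users and function names are constructed for illustration, and the sketch goes one step beyond the request by applying the same rule to direct profile lookups, so that a hidden user is indistinguishable from a nonexistent one.

```python
# Hypothetical in-memory model of space membership (constructed sample data).
SPACE_MEMBERS = {
    "S1-company-a": {"alice", "adam", "staff"},
    "S2-company-b": {"bob", "staff"},
    "S3-internal": {"staff", "sam"},
}


def spaces_of(user):
    """Spaces the given user has access to."""
    return {space for space, members in SPACE_MEMBERS.items() if user in members}


def visible_users(viewer):
    """Users sharing at least one space with the viewer.

    This is the single policy function; every user-facing surface below
    calls it, so no surface can drift from the rule.
    """
    visible = {viewer}  # a user with no spaces still sees themselves
    for space in spaces_of(viewer):
        visible |= SPACE_MEMBERS[space]
    return visible


def typeahead(viewer, prefix):
    """Typeahead suggestions, restricted to visible users."""
    prefix = prefix.lower()
    return sorted(u for u in visible_users(viewer) if u.startswith(prefix))


def people_list(viewer):
    """The user directory as this viewer is allowed to see it."""
    return sorted(visible_users(viewer))


def profile(viewer, username):
    """Direct lookup by name.

    Hidden and nonexistent users both yield None, so the lookup cannot be
    used to confirm that an account exists. Only the shared spaces are
    returned, so the viewer learns nothing about the target's other spaces.
    """
    if username not in visible_users(viewer):
        return None
    shared = spaces_of(viewer) & spaces_of(username)
    return {"username": username, "shared_spaces": sorted(shared)}
```
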