Ok, this is now implemented in latest CB Privacy build release. It only checks profile access for the Users privacy rule if the privacy selector has an asset beginning with "profile". This has to remain for now as it'd cause a backwards compatibility break.