I think the options depend on whether we are talking about a username or email address being used as the identifier.
If it's an email address (as currently), it would seem sensible (even essential) to allow all/any user to change it, and I would strongly consider re-authenticating in this case (i.e. email verification) to safeguard against mistakes. Of course, the system should check first to see if that address is already in use!
If it's a username (presumably tied to an email address), I see it as less of an issue - check the username is not already used, and let any user change it.
<Raad>
