What version of Cotonti are you using? I was unable to reproduce this with Genoa 0.6.8. If you're using Siena you should report it in the right topic
Are you sure the account you're using to call the userlist isn't administrator? Admins are able to see hidden groups and users (obviously). It depends on the rights setting for 'Core: Users', if 'admin' is enabled, that group will be able to see hidden users.
As for viewing the user's profile, I think you're right. The profile of a user who is only in a hidden group can be viewed as normal, even by a guest (unless of course guests can't view profiles at all. Only the name of the group he is in is hidden. I agree that this is slightly unexpected behavior.
Ok, I was able to reproduce it. It's not a problem with the filters, those work fine. The list however, only hides the user group, not the users inside.
I think the feature was only meant to hide a user's membership to a certain group (basically hiding the fact that the group exists). We could change this behavior to what you're describing, but I don't think everyone will agree. Perhaps a plugin can fix this, so it becomes optional.
By the way, why do you want to hide a user? You could just pick some random username and nobody will know who the person behind the account is.