The GUIFLAG on the SAPUser is currently described as "Insecure communication allowed".
In the mapping, the description is "user login using GUI is allowed".
In SAP itself it reads: "Password logon for SAP GUI permitted (user-specific)".
This should be adjusted in the frontend and documentation.
This is a product defect (34251).
This will be fixed in a future release of the product. If you require this immediately corrected, please contact Support for a hotfix referencing the defect ID 34251.