Per request, I've added code to disable setting the real name field on login
or in user preferences. The field remains in the database, however, and
classes such as User still use it. It's just hidden from the user interface.
The configuration variable is $wgAllowRealName, which defaults to TRUE.
Admins can set it to false if they need to.
It was kind of a chop-shop job, but I'm pretty sure that clever hackers
won't be able to force in a real name anywhere.
I haven't yet made display of real names in the RDF optional; I figure
that's a lower priority.