Well, actually, there is a problem with the check approach: People use proxy models with user models, to account for different types of users; and it could be that the actual class is decided before the user is authenticated (because of different entry URLs, different authentication backends, whatever). The settings-defined user model will not always be the actual class of user objects, so checking it may not be enough (although I would agree that the case where it isn't is probably a particularly rare edge-case).
Shai