After the above commit, checking the “Hide my public profile and presences features” option on Preferences → Interface does block the individual user RSS & JSON routes.
You can also uncheck the enable user directory site setting 
Does that help?
7 Likes