To clarify, we did not leave the users enabled in the Linode Manager. When you delete a Linode user, Linode shadow deletes them in the DB by setting an inactive date on the row.
The honeypot user would not have been able to access the account had the credentials been valid, but based on the information given by Linode we did see someone attempt to log in as that user only once around the time of the compromise.
Keeping logins of ex-employees on 3rd-party systems is a no-no, though I admit full removal might pose some hurdles.