Hi,
If you are using LDAP integration, then naturally since LDAP is case-insensitive for account names then it stands to reason that the username is case-insensitive. For AD integration, SMB can be either case-sensitive or not depending on configuration, but is usually case-insensitive to a certain complexity. It is then up to the authentication server (ACS) to decide how to treat the access-request.
Therefore this isn't much of a security trade off from a username brute-force perspective since the underlying infrastructure operates as case-insensitive.
From what I can tell in the first versions of ACS 5.x, the server decided that authentication would be performed case-insensitive and authorization would be case-sensitive. I suppose that at some point along the way Cisco changed this. Take a look at:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtk64903/?referring_site=bugquickviewredir
P.S. Local usernames within Cisco equipment can be made to be case-sensitive using the local-case keyword within aaa commands.