We are actually ourselves recommending the two servlets approach for exactly the scenario Peter is describing (J2EE security):
It just seems nobody thought of the possibility to include both servlets in the same page, so I would maybe say that the code is working correctly as intended but there is a flaw in the design of this part :-P
So, if talking JIRA settings I would probably admit this a "design bug" from our side and put it on some medium level, but realistically defer it to 4.0 as it will be too much work to fix for 3.0.
In the next major version of DWR it will be natural for us to move to a closure-based inclusion model similar to CommonJS, and then issues like these will be solved automatically. It is actually possible to extend DWR 3 to use this model today, by providing your own implementations of InterfaceHandler and EngineHandler, and I think this is the way to go if this is important to you.
An easier workaround for now is to make your admin servlet a "superset" of the user servlet, by including both the admin and user dwr.xml files in the admin servlet. That way you can keep the two servlet design but never have to include both in the same page.