I think there even exists a bugreport for this.
I'm reluctant to allow all-numeric user names because of the ambiguity and the fact that we use the user name later for other stuff (e.g., for executing commands as the user account that started the session.) Assuming, that "the system libraries will get this stuff right" isn't very comforting in this kind of edge case.
User names that *start* with a digit (but also contain at least one other character of the portable file name set) don't have this ambiguity, so we probably could allow that.
Then again, this will likely cause problems with software like systemd and maybe other, too (like [commercial] authentication brokers that use LDAP or the like.)
All that said, I'd personally argue that just avoiding such naming schemes altogether and disallowing it in x2goserver is easier than handling the mess that might ensue if it were allowed.
Mihai