View Issue Details

ID: 0018051
Project: mantisbt
Category: documentation
View Status: public
Last Update: 2015-03-15 19:58
Reporter: foXen
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.3.0-beta.1
Target Version: 1.3.0-beta.2
Fixed in Version: 1.3.0-beta.2
Summary: 0018051: config_inc.php.sample should reflect the defaults (db_username and db_type)
Description

Current config_inc.php.sample states
$g_db_username = 'mantisdbuser';
$g_db_type = 'mysql';

while I think it should be:
$g_db_username = 'root';
$g_db_type = 'mysqli';

Tags: No tags attached.

Activities

dregad

2015-01-22 07:24

developer   ~0042247

Last edited: 2015-01-22 07:28

This is somewhat academical, because I believe most users would simply use the config_inc.php file generated by the installer (or copy/paste its contents).

$g_db_username = 'root';

I disagree. This is supposed to be an example, and I don't think it's good from a security best practices point of view, to indirectly promote the use of default DB accounts, especially one with high privileges such as root in MySQL, for web applications.

In fact, taking this one step further, we should probably consider changing this in config_defaults_inc.php.

$g_db_type = 'mysqli';

This one makes sense, will change.

foXen

2015-01-22 10:01

reporter   ~0042249

$g_db_username = 'root';
I disagree. This is supposed to be an example, and I don't think it's good from a security best practices point of view, to indirectly promote the use of default DB accounts, especially one with high privileges such as root in MySQL, for web applications.
In fact, taking this one step further, we should probably consider changing this in config_defaults_inc.php.

Acknowledge. :) Change this in config_defaults_inc.php to 'mantisdbuser' and your absolutely right concern on security as well as my initial intent are met. My 'solution' just took into account that current install proposes 'root' if no config-file is given.
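
The two settings discussed in this thread can be checked mechanically. The following is an added example, not part of the issue thread or of MantisBT: a small audit of a config_inc.php-style file that flags a high-privilege database account and the old 'mysql' driver value. The function names, the list of admin account names and the sample input are assumptions made for illustration.

```python
import re

# Matches simple quoted-string assignments such as: $g_db_username = 'root';
ASSIGN = re.compile(r"""^\s*\$(g_\w+)\s*=\s*(['"])(.*?)\2\s*;""")
# Assumed list of default administrative DB accounts (only 'root' is named in the thread).
DEFAULT_ADMIN_ACCOUNTS = {"root", "sa", "postgres"}

def parse_config(text):
    """Return {option: value} for quoted-string $g_* assignments, skipping comments."""
    options = {}
    in_block_comment = False
    for line in text.splitlines():
        stripped = line.strip()
        if in_block_comment:
            in_block_comment = "*/" not in stripped
            continue
        if stripped.startswith("/*"):
            in_block_comment = "*/" not in stripped
            continue
        if stripped.startswith(("#", "//")):
            continue  # a commented-out assignment must not count as configured
        m = ASSIGN.match(line)
        if m:
            options[m.group(1)] = m.group(3)  # last assignment wins, as in PHP
    return options

def audit(text):
    """Return a list of findings for the two options discussed in this issue."""
    opts = parse_config(text)
    findings = []
    user = opts.get("g_db_username")
    if user is None:
        findings.append("g_db_username not set: default from config_defaults_inc.php applies")
    elif user.lower() in DEFAULT_ADMIN_ACCOUNTS:
        findings.append(f"g_db_username is '{user}': use a dedicated low-privilege account")
    if opts.get("g_db_type") == "mysql":
        findings.append("g_db_type is 'mysql': the current default is 'mysqli'")
    return findings

# Constructed sample input, not a real configuration file.
SAMPLE = """<?php
# $g_db_username = 'mantisdbuser';
$g_db_username = 'root';
$g_db_type = 'mysql';
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```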

Related Changesets

MantisBT: master d698fd77

2015-01-22 02:24

dregad

Change $g_db_type to 'mysqli' in sample config_inc.php

Reflecting the new default value in config_defaults_inc.php introduced
in Jan 2014.

Fixes 0018051

Affected Issues: 0018051
mod - config/config_inc.php.sample