By default the Spring Security addon simply sets up a static user in applicationContext-security.xml:
This is of course just a token to get you started and as you mentioned you would replace that with a JDBC, LDAP, CAS, etc backend. So if you remove that user-service from your config above, you have deleted the admin user.
<user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN"/>
***<user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER"/>
If your browser still shows these details after the container restart that is probably due to the fact that it has automatically stored your form fields. You can simply clear these form completions and all should be fine.