• Resolved jkisha

    (@jkisha)


    First, let me say that I love this plugin. That being said, checking the ‘read only signup’ box has no effect. A user of any level can log in and put any name and email address they want for the shift regardless of what information was pre-loaded into those form fields.

    I discovered this when a user logged in and signed up as a friend of his, which obviously shouldn’t be allowed. (At least I don’t want it to be allowed on my site.)

    I also logged in under a demo account with just participant permissions and was able to duplicate the behavior.

    Any idea how to fix this?

Viewing 1 replies (of 1 total)
  • Plugin Author DBAR Productions

    (@dbar-productions)

    It’s working here. Do you have the options set to require users to be logged in to view? (different check box than the login to sign up option, which is newer — it used to be just one option for both.)

    As the description next to the readonly option says:
    If you require users to be logged in to view and sign-up, enabling this option will make name and email fields on the signup form “read only”, if the information already exists in their user meta. They will not be able to alter first name, last name, or email when signing up.

    Somebody else contributed the readonly code a while back, before I separated out the options that require login to view, and login to signup. So, if you don’t have login to view checked, the readonly attribute is not added to those form fields.

    Please note, however, that the readonly attribute is easily bypassed by anyone with a modern browser that lets you inspect and alter html elements on the page. The person who contributed the readonly code did not put anything on the form processing side to check if those fields should be readonly and then to check if the submitted fields match those stored in the WordPress user meta for the user. Also, if they are logged in, even if they change the name/email, the sign-up will still be associated with their user account (not the account of the info they fill), and no personal info will be changed/saved (unless they didn’t have name fields set on their own account yet).

    I will change it so that in the next update the login to view doesn’t need to be checked for the readonly attribute to be set (the login for signup option must be set instead), but this really isn’t meant to be any kind of security feature, and if your volunteers are doing this maliciously, you can always clear those signups yourself manually (and maybe ban those volunteers).

    Also, note that if you are logged in as admin, or a sign up sheet manager, the readonly attribute is never set.

  • The topic ‘Read only signup not working’ is closed to new replies.
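
The plugin author's reply notes that nothing on the form-processing side checks the submitted name and email against the logged-in user's WordPress user meta, so the readonly attribute alone can be edited away in the browser. A server-side version of that check, as an added example that is not the plugin's code: the function name, the `firstname`/`lastname`/`email` field keys and the `$manager_cap` default are assumptions, and only WordPress core functions are called.

```php
<?php
/**
 * Added example, not code from the plugin. Function name, field keys and the
 * $manager_cap default are assumptions; only WordPress core functions are used.
 *
 * Returns the signup fields to store: for a logged-in non-manager, any field
 * that already has a value on the account is taken from the account, and the
 * submitted value for it is ignored.
 */
function example_enforce_readonly_signup_fields( array $submitted, $manager_cap = 'manage_options' ) {
    $clean = array(
        'firstname' => sanitize_text_field( wp_unslash( $submitted['firstname'] ?? '' ) ),
        'lastname'  => sanitize_text_field( wp_unslash( $submitted['lastname'] ?? '' ) ),
        'email'     => sanitize_email( wp_unslash( $submitted['email'] ?? '' ) ),
    );

    // Anonymous signups have no account data to compare against.
    if ( ! is_user_logged_in() ) {
        return $clean;
    }

    // Managers sign up other people, so their input is left as typed
    // (mirrors the form, where readonly is never set for them).
    if ( current_user_can( $manager_cap ) ) {
        return $clean;
    }

    $user   = wp_get_current_user();
    $stored = array(
        'firstname' => (string) get_user_meta( $user->ID, 'first_name', true ),
        'lastname'  => (string) get_user_meta( $user->ID, 'last_name', true ),
        'email'     => (string) $user->user_email,
    );

    foreach ( $stored as $key => $value ) {
        // Only fields that exist on the account were rendered readonly;
        // an empty one stays editable so the user can fill it in.
        if ( '' !== $value ) {
            $clean[ $key ] = $value;
        }
    }

    return $clean;
}
```

The function would be called on the posted form data before the signup is saved, with the returned array stored in place of the raw input.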