Note that the anon user is able to become root without password by default, as a development convenience.
(-) To prevent this, remove anon from the wheel group and he will no longer be able to run /bin/su.
(+) To prevent this, remove anon from the wheel group and they will no longer be able to run /bin/su.

“It” does seem like the way to go here, as it is referring to a built-in “anon” user account (best as I can tell).