Webwebapphor relies on a user being in webappuser. Role security allows people to be added to groups when they are not a webapp user.
Either webwebapphor needs to ignore webappuser, or role security must add people who are in groups to webapp user.
Identified at UA in 6.0.3
and 14237
There are some simple fixes that can be implemented to resolve this completely. See attachments to Support issue 13432