The user accounts created by TN are meant to be used by the Trading Partners themselves. The idea is that if you want to be able to receive documents from your Trading Partners over the internet, but you don’t just anyone out there to be able to submit documents to your system, then you create a TN profile for your partner, provide the username and password to them, and have them use that username and password every time they send you a document. As you have already discovered, wm.tn:receive will then authenticate the username and password they sent against the existing user accounts. The username and password can be embedded in the HTTP header, or if posting the document interactively, the user will be prompted via a dialog box.
Many people, however, choose to make their partners’ lives easier and simply open up their system without requiring user authentication. One way to do this is to create a service with an Anonymous Execute ACL which invokes routeXml. You need to understand, however, that a malicious user could then very easily perform a DoS attack on your system by flooding TN with documents, so be careful with this approach.