If you change name or email address in "update profile", the changes are saved in the auth backend, but the cookie isn't updated, and cannot be updated since the session already is closed.
On the next return to the profile, auth_login() initializes $USERINFO from the session, and it looks like the data never was updated. The only way to display the changed user info is to log out and log in again.
To keep the current session handling (closing session before action) the fix would be to use getUserData() in the else clause in auth_login(). However I see a lot of FIXME comment talking about using $_SESSION more, and that's probably a better solution. The curret setup where some functions use (old) session data, and others use the auth class, is a bit confusing.
The behaviour described is verified in 2006-12-06, 2007-01-15 and on splitbrain.org (which probably runs the latest snapshot).