there are several solutions that I found:
1. Give the webservices login account admin rights, you then get all the fields
2. You can get some fields by turning them on in the profile, email for example
It seems hit and miss to find out what fields you can get, not sure why you would restrict them but I guess its part of the bigger permissions picture.
The searching needs to have these fields enabled as well, so if you want to search by username then you must have this field returned as well. the only way I found of getting/searching by username for example was to give the web service account admin rights which seems a bit overkill!