That would be substantially better, our security policies dictate that root is never be allowed to login remotely. If you don't go down the zimbra user approach, then you should accommodate for the use of "sudo" by an unprivileged user.
sudo su - zimbra -c '/opt/zimbra/libexec/zmhspreport'
Why does zmhspreport include closed accounts? Shouldn't it only count "active", "locked", "pending" and "maintenance" statuses?