Exactly! This would have to be hidden, and arguably we would need the option to hide custom fields in the admin version of user profiles too (as SSO carries through email).
In answer to your question, probably nothing good - and we might get into trouble with data authorities (I suspect) for not locking down access to private / personal information.