If someone happens to get hacked, what will happen to all of their personal information in their settings? Their email? The location of their computer? There should at least be an option to put asterisks or something on these.
What people generally care about is their password and this is hashed with GPU resistant settings per our security.md file in our public github repository.
Locations can be inferred from IP geolocation so no new information is being added. We removed a bunch of unnecessary places we stored IP addresses for GDPR in previous releases.