It’s possible to see a full list of everyone who has been granted the “first flag” badge, and the corresponding RSS feed
first-flag.rss gives a timestamp that’s precise to the second for when the badge was
grantedAt. That’s far too much information, and makes it possible for someone to correlate those timestamps with the time their post was flagged. This holds even more strongly on forums with less traffic.
Please consider not supplying timestamps, or ideally, not supplying any public information about other users with the badge. Ideally, I’d suggest having a list of “sensitive badges”, and not showing any public information about who else has those badges: no usernames and no timestamps.