First off, I don't think anyone is for KYC here. KYC is definitely cancer and to be avoided when required in airdrops and ICOs.
The only place where I would be kinda "fine" with KYC is for reputable exchanges. Whereas I'm pretty sure that the people who run most exchanges have no choice but to require KYC to their users because the government requires them to.
You are quite right. Not all KYCs are actually safe for one to do. Apart from ICOs, some airdrops sometimes require KYC of which you will later realize the airdrop to be fake. What then happens to the information they collected? Will it still be safe?
They could use your information to conduct identity theft; and that's only the tip of the iceberg.