Submit KYC is must for some ICO`s .If things getting bad What can they do to our identification documents.What will be the worst possible things to be happen to us.
If ICO's chooses a third party to handle all the KYC's there's a chance that your personal data can end up in the wrong hands. What I mean that if those third party chooses to sell all your data in the black market or dark web then its possible your information can be leaked and be used for illegal activities.
You can also read about a ICO getting hacked thus exposing a lot of data in the process:
https://thenextweb.com/hardfork/2018/02/07/sentinel-chain-ico-leak-passport/