If we think that the exchange party will misuse our personal data? The data without us giving it can also be owned by them. Making such a difficult but capable exchange, let alone manipulating data so simple. So I thought, they couldn't have done such a stupid thing.
I avoid disclosing personal information unless it is absolutely necessary. No one is ever certain how their data will be used. It seems the Internet knows more about us than we'd actually like to admit.
We saw in the Ledger leak example how easy it is to hack these so called "secure" databases and steal users' sensitive information. And who knows, if it gets worse in the future, what kind of information hackers might find on "private" databases and extract it as a shellhack.