I think the assumption SE made was that communities would grow over time and so there would be a natural need to keep adding to the team. (Plus, sometimes people step down.) In practice, though, some communities are small and can get by with three mods for years and years.
Here’s another way to mitigate the privacy problem while enabling more community participation: what if we separated mod powers into two buckets? Think about the things mods can do – most of them don’t require private information, just the community’s trust. I’m thinking (from SE) of unilateral close/open, locking/unlocking, cleaning up comments, seeing deleted content, and, sometimes, taking normal user actions with the “moral weight” of that diamond next to your name.
What that leaves out: user-level actions like suspensions, seeing annotations, investigating suspicious voting, and stuff like that. Basically (for SE mods), the “mod dashboard” tab on the user profile is only for this higher level of moderator.
If we did this, we could have elections more often for the first level, which is probably 80% of moderation anyway, and that could have term limits or just be subject to retention votes or whatever the community wants. These people are the primary moderators. And then there are a small number of higher-tier mods who also have access to the user stuff and private information. Assume some workable communication channel that all the mods have access to (like the private chat rooms on SE), and it’s not hard for the community mods to get an assist from the mods with private-info access when needed.
In a way, it’s kind of how moderators and community managers operated 5-8 years ago on SE, when mods had way fewer tools. (We always had some PII, though.) But the CM-like role here is filled by community members, not Codidact admins.
I’m brainstorming here; please take this as a starting point for discussion, not a concrete proposal.