I agree that access should be limited as much as practical. But in any system (free or paid, volunteer or commercial) someone is going to have the information, hopefully on a need to know basis.
I have dealt with real-world situations - e.g., someone who due to legitimate work concerns doesn’t want any PII to make it out to published organization newsletters because those newsletters are (for good reasons for the rest of the organization and public to legitimately see) posted on an organization web site, so any time he has what for virtually anyone else would be a “normal” mention in the newsletter, he has me carefully word things per his request to minimize PII. But those are few & far between - and the duty of the user to make their wishes known.
In our situation (and IMHO with most publicly accessible free-to-sign-up web sites) that means:
- If you are worried about your IP being used to track you, use a proxy that effectively hides it
- If you are worried about your name, make up something fake & unrelated
- If you are worried about your email address, get a disposable/single-purpose email address
and obviously then put nothing of consequence in your public profile.
So we limit what access we can, but we don’t promise perfection (it will never happen), we vet moderators as best we can, and we spell out in the terms of service what we do & don’t collect and what we plan to do with the information.