I noticed here that identities and user_id are in the fields not to be included in app_metadata:
I was hoping to get a more detailed understanding of this. Are there some particular security risks associated with these ids being visible (eg to dashboard administrators)?