There are several scenarios where user's username and email are shown. This can be considered a security risk for some customers.

Examples:

• When doing a user search, a suggestion list appears while writing, this list includes the user display name, email and even username.
• From the issue view, any user can see another user's profile, which shows all the information of the user.

Similarly suggested for Confluence, the suggestion is allowing a way to control the access to this information (like only showing display names for non-admin users) or using the following as an example:

1. A user is only allowed to see the name and profile of another user if they are in the same group. (at least one group, not all)

2. Allow a global administrative option for enabling/disabling user names and profiles.

3. Allow each user to decide whether their username, email and/or profile should be viewable.