Karimala already pointed this out in another thread, but I wanted to start one about this subject in particular, especially as a warning for U.S. contributors. If you go to your main login page (My Dashboard), click on Edit in your Account Information, then go to Contributor Parameters, you (and anyone who hacks into your account) will see your SSN in plain sight. Your ID scan is also available there and can be downloaded with a right-click.
Of course, it's on an https page, so that makes it perfectly safe, right? Apparently that's what FT thinks.