Karimala already pointed this out in another thread, but I wanted to start one about this subject in particular, especially as a warning for U.S. contributors. If you go to your main login page (My Dashboard), click on Edit in your Account Information, then go to Contributor Parameters, you (and anyone who hacks into your account) will see your SSN in plain sight. Your ID scan is also available there and can be downloaded with a right-click.
  Of course, it's on an https page, so that makes it perfectly safe, right? Apparently that's what FT thinks.

It is also available from the Tax Center link. Your whole W-9 is also clickable and viewable.
This is unacceptable.

This is not an issue that is unique to FT:
At DT from the Management Area - click on Financial Activity - from there you can click on View Submitted Tax Form - and there is your submitted W-9, complete with all your information.

Wow. What is so difficult about keeping our "personal" information personal? 

I am not getting it. Should you be authenticated to see these pages? Would you expect this field to be masked like password? It can be revealed with a simple Javascript so it's not protected anyway.

Some more checking shows that DP is also showing your entire W-9 from the tax center page.