I’d be interested to know if there’s a feature request to change how model data works by default?
It’s quite easy to miss a sanitize function like this and it is also pretty dangerous to do so given it can leak all sorts of user info. Would changing the approach to be secure by default unless you request extra info make more sense? I realize this is an interface change, but for the sake of security feels like it might be a good one.