I am thinking of an additional issue/risk in exposing PI to third parties, as such may have the ability to install an MITM solution, and capture information "in flight" (during transactions associated with filing), for a limited amount of people who are doing it, vs just leaving account data encrypted at rest for now, alongside millions of other accounts, and waiting for more info on what's being done in the SSA present activities.