As far as I remember we said that we won't change this in the 4.x lifetime.
By the way, not sure if you noticed this, but PII data are only included in the response when authorization happened with a generic API key.
If you use the REST API and GraphQL with OAuth authentication, all sensitive data are stripped.