Is it so desirable to sent even more info, this time potentially non-public, if you decide to interact with the other instance?
This includes partial information about your online identity, namely identifying you uniquely. Not all instances should be considered trustworthy, so your log-in token may get re-used by a malicious instance to post things in your name here and there. Kind of a silly situation, favorable to spammers for example.