For future reference you definitely want to remove PII from the API as soon as it's not needed on the frontend—people, even engineers, naturally expect to be able to visually confirm what information is and isn't public, and you don't want to be that site that exposed data through a side channel.
