Too much user information published to anonymous users
Even on the loginscreen emails and usernames are available. This is both a security concern and a performance issue.
Fix it by handling the email on forgotten passwords on the server side. The only thing needed is the username typed in.
Then remove username and email from the anonymous allUserData publication