So that if their database is breached you don't become a target with name, address, payment method etc.
Assuming you can trust them... which I do.
Ledger is a good example of how not to handle customer records and the fallout that can occur when they are breached. Coins were lost in various types of phishing attacks.