email in launcher_profiles.json isn't encrypted/hashed

In launcher_profiles.json, your email adress (username field) isn't encrypted/hashed which is an issue as if you accidentally would upload/share this file, they'll know the email adress for your account. Your email when contacting https://authserver.mojang.com/authenticate is encrypted/hashed in md5. Might be just how this work but this should be more protected.

Upon looking closer, this field 'username' is used to display your username. Why isn't this some call to the API with session id but instead stored in a json file?