Traits can be modified by the user, so they are useful for storing user attributes that the user has full access to read and modify, such as their first/last name, phone number, etc. Sensitive attributes that could control whether a user has access to perform elevated privileges, such as an "admin" flag or role should not be stored as traits.