Someone could use their real name as their user name. They could have directory or file names that include the names of providers of different services (such as banking, phone, etc). There could be geographic clues or information about where the person received their education. If a malicious person knows what software is installed on a target's PC, they could create specific exploits.
I could go on, but hopefully that gives you an idea.
Even if it isn't plausible that the information will be used improperly, I don't see the benefit of including it in the log.