I had some questions to which answers were difficult to find. I want to understand the trustlessness and privacy aspect of using BitShares through the combo of the BitShares 2 light client and Openledger.info as the API provider (or any other site that hosts such an API). I'd be thankful for any input on these matters.

1. Regarding the above use environment, which of these are known (even if just minimally, but to the extent of being able to identify users) to API provider site?
- wallet name
- account name
- transactions
- addresses
- account password
- private keys
- brainkey

2. Focusing on the brainkey: even if you answer that it never leaves the client, how much do you rely on this assumption? For example, if you used a custom mnemonic which is also used with a well-financed Bitcoin HD wallet (but your end-user security is very high, your only worry is the client communicating with the site API, and the mnemonic has a high entropy), would you feel safe?

3. Same thing as question 2, only for the account password. How well-guarded is this by the client from the API?

4. Is there any identifying information - apart from the IP address, (I'm just guessing here) the BTS addresses, transactions and the account name - which can be used by the API provider to identify the user? Like some cookie-like things, client fingerprint / user agent, wallet ID, anything?

Thank you a lot.