I guess until P2P is implemented (Q4 2021 I believe) it’s something that you can use but don’t have to, and I agree there are some risks involved.
There is a recent, related thread:
As TopologyUpdater generates the complete topology file server-side, I guess it was the easiest approach for the author to include non public details into the file. You can always skip sending the BP IP and write your own script that inserts that IP into the generated file, or do it manually.