There are many other state actors who can do this, and they wouldn't necessarily have good intentions. Wouldn't it be great if you could use it to identify which PEP (politically exposed person) is using booking.com to cheat on their partner, and use this as leverage to drive through certain political decisions ?

I agree most people aren't going to avoid booking.com, but that doesn't justify leaving your system vulnerable to advanced hackers