Currently in Tableau server any user can do a wildcard search(*) and that will return all workbooks, data sources and users that have access to that site.
Hovering over the name will display the username and that can be exploited by hacks trying to guess passwords.
There's a more detailed explanation in this thread below:
As illustrated by Ben Jones users don't always choose the most secure passwords and I feel the names and usernames should be hidden from all but admin's and site admin's. If you also think this the case, would you please consider voting this idea up?
| Tableau Public Most common passwords.