UX and Information Security of pre-login account information
I'm currently working on a redesign of a customer-facing account management. A stakeholder brought forth the idea of exposing certain information about the account to the pre-login UI. From a technical perspective it's doable (via cookies with a long or never-ending timeout), but my concern is perceived security and the resulting UX implications.
Imagine a login page that, for instance, displays "Welcome back, John Doe", and goes on telling you "You have 9 days left before your subscription runs out. You can either renew it manually, but why not set up recurring payments?", or "Your current subscription plan is 'Hello World Pro'. Did you know that by extending your subscription period now, you can take advantage of our special offer?".
Mind you, the user hasn't logged in yet. We're retrieving this information based on a cookie stored on their computer - and in order to actually take any action, the user will need to log in.
I'm seriously concerned that, while the stakeholder expects this to be helpful, it would in fact undermine users' trust in the safety of their data. In the worst-case scenario (e.g. a shared computer) it could even compromise a user's privacy. Nevertheless, I need to research this to present some hard evidence.
I know it is something that's considered useful in a mobile app, but to be honest - a mobile phone is yours and yours alone, while your home computer may be shared by your family, your work computer can be accessed by admins or other people, and I'm not even mentioning computers in various internet cafes etc.
So my question is:
What would be the appropriate Best Practices that would address such behavior, set some ground rules and provide guidance on it?
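As an added illustration of the design trade-off in the question (example code, not part of the original post or of the asker's system), the sketch below shows a "remember this device" cookie built the way a defender would want it if the feature ships at all: explicit per-device opt-in, a bounded lifetime instead of a never-ending one, an opaque signed token rather than account data in the cookie, a server-side "Not you?" revocation, and data minimisation so the pre-login page gets the first name only while plan and days-left stay behind login. The secret key, account records and field names are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SECRET_KEY = b"replace-with-server-side-secret"  # placeholder, assumed
REMEMBER_TTL = 30 * 24 * 3600                    # bounded lifetime in seconds, not "never-ending"

# Constructed sample accounts; "remember_device" is the user's explicit opt-in.
ACCOUNTS = {
    "acct-1": {"first_name": "John", "plan": "Hello World Pro", "days_left": 9, "remember_device": True},
    "acct-2": {"first_name": "Jane", "plan": "Hello World Pro", "days_left": 2, "remember_device": False},
}
DEVICE_TOKENS: dict = {}  # opaque token -> account id, kept server-side so it can be revoked


def _sign(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_remember_cookie(account_id: str, now: int) -> Optional[str]:
    """Only on opt-in; the cookie carries an opaque token, an expiry and a MAC, never account data."""
    if not ACCOUNTS[account_id]["remember_device"]:
        return None
    token = secrets.token_urlsafe(16)
    DEVICE_TOKENS[token] = account_id
    payload = f"{token}.{now + REMEMBER_TTL}"
    return f"{payload}.{_sign(payload)}"


def pre_login_view(cookie: Optional[str], now: int) -> dict:
    """What the login page may render before the user authenticates."""
    anonymous = {"greeting": None, "show_not_you": False}
    if not cookie:
        return anonymous
    try:
        token, exp, mac = cookie.split(".")
    except ValueError:
        return anonymous
    if not hmac.compare_digest(mac, _sign(f"{token}.{exp}")) or int(exp) < now:
        return anonymous  # tampered or expired: fall back to the anonymous page
    account_id = DEVICE_TOKENS.get(token)
    if account_id is None:
        return anonymous  # revoked via "Not you?"
    acct = ACCOUNTS[account_id]
    # Data minimisation: first name only; plan and days_left are never sent pre-login.
    return {"greeting": f"Welcome back, {acct['first_name']}", "show_not_you": True}


def forget_device(cookie: str) -> None:
    """'Not you?' link on a shared computer: revoke server-side so the cookie becomes useless."""
    DEVICE_TOKENS.pop(cookie.split(".")[0], None)
```

Whether even the first name should appear on a shared machine is the product decision the question is really about; the code only shows how small the exposed surface can be made if it does.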