Good question.

By design, not much is collected. What did you supply when signing up? A username and a password is what most people supply.

For those who value privacy, I would imagine they use a different username/password combination for each website, it's not a bad idea, and good OpSec practices are beneficial to everyone. :)

But you asked how things are stored and protected. Information (posts, comments, username/pass) are stored in a PostgreSQL database. Passwords are hashed using the bcrypt algorithm. IP logs are minimal and temporary, not that they'd offer much in terms of identification of users due to the options allowed (and encouraged) of connecting and interacting with the website. Since most people are using anonymity networks to access this website I think, there address of origin is ever changing.