Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user’s device. If we determine that sensitive information has been inadvertently received, we delete the information.
They admit that they might accidentally harvest your bank's username and password but are magnanimous in that they will toss that info into a bit bucket. This has got to be very illegal but MS seems too big to prosecute and can now do whatever the fuck it wants.
There must be more to life than having everything. -- Maurice Sendak