make clear people should never use these raw values.

there are many cases where usernames are already in the webpages content eg. in JS variables or in the DOM. Same with email address. So "should never" is wrong here.

in general it is responsability of each webmaster to measure their data securely. I hope that most people who have a login form on their website will deliver all pages once user is logged-in via SSL. If they don't then it would leak the auth cookie which is much worse than leaking username or email.

So the point of unencrypted wires for User ID does not make a lot of sense since User ID will only be used when users are logged -in which should be done securely to ensure safety of auth cookie.

It would be possible to update the documentation to explain this, if you care about this please issue a pull request on this page: https://github.com/piwik/developer-documentation/blob/master/docs/tracking-javascript.md

I'm sorry, but this is not correct. Well if a user logs in it will be encrypted, but if I make one more click I'm on HTTP and no longer on HTTPS. It's not required to stay at SSL after a login. You only need to protect the login itself.

With your documentation people will start using email address as UserID and this is always send over the wire unencrypted.

The session cookie will be destroyed after I hit logout or after time. My Emailaddress is not destroyed after I hit the logout button.

You only need to protect the login itself.

no you need to also protect pages once you are logged-in, otherwise the session cookie will be stealable by a man-in-the-middle attack (similar attack that would reveal username/email as you point out)

My Emailaddress is not destroyed after I hit the logout button.

What do you mean?