Users in the who are in the Checkuser group on any wiki have access to user's IP addresses. An account compromise could impact the privacy of our users.
Since this is a fairly large group, I'm not sure what an appropriate initial and long-term policy should be. I think 8-byte minimum is a good start.