I have built an API which can log an user in and if sucessfull it returns a DTO. Should I include the password in the DTO or isnt that neccessary?
