The IP identifies the origin of the connection. As you know, you can create users with host restriction so that only connections from those locations are accepted in the database. In that sense, the IP is as if it were part of the user name, and MySQL always reports back this information because it would be needed to identify wrong configurations and such.

Assuming Connector/J is running on some middle layer software, this information is crucial to know what is being attempted during the authentication and helps mitigating connectivity issues. I don't think there's an issue with this. After all, the IP you see there is the one from the originating system which already knows who it is.

You got a point, though. Leaking this information up to client UI could expose a little bit too much information, but, I would say this is a matter of sanitizing error messages property. Don't you agree?