As a matter of fact, some users are still sharing their seed phrase with others despite repeated warnings never to. But a complete absence of proper warnings could make the company partly liable.
There is no harm from warnings, so there's no downside from it. Those who will fall victims will regardless of the warnings they receive, but someone who receives this type of mail and checks if it's legitimate will see a memo from the company saying they will never send physical mails and they'll be convinced it's a scam.
However, I think these information should be completely removed from their end right after confirmation that the package is received by the buyer.
Data unfortunately is a big deal and many companies try to save up as much of it as they can.
