I would say avoid KYC, even if the ICO project is totally legit and trustworthy. You never know if all of the team members are trustworthy too. Also, you never know how they are going to store your data. How strong is their security against hacks or theft? Even if everything else is fine, their website could be hacked, their computers could be hacked and your data stolen. IMO, not worth taking the risks, even if the bounty reward is high.
But it seems like KYCs are going to be required more and more in the future for any icos that are going to be legit in the eyes of the law.