Welcome to the forums.
The password is not a secret in the industry, it's the same used for malware submission: infected
Also, your tools do not collect personal information. From tool to tool, they collect scan logs, list of active processes, startup list, list of installed programs, Bitdefender log files and some registry keys.
Also, BDSYS could also collect infected files running in memory of files that inject into other processes and they are suspect.
All these are also available in Windows and they could also be collected with any 3rd party tool.
We password protect these archives because in some cases they contain .exe files(BDSYS logs) and some web based email services do not allow to attach .exe files, even if they are located in an archive. If the archive is password protected, it could be attached and sent to us when me or one of my colleagues is asking for it during the investigation.
Let me know if you have other questions.