I know that HTTP requests made by the site get the browser's localStorage for a site, and document.cookie is encrypted for HTTPs websites, but I'm still wondering the risk of storing sensitive information, because even if the hacker got the information, what could they do with it? They don't know the user.
And if the localStorage doesn't send information to the server (of course without encryption) how is it possible that someone can get the information over the internet?