Other JWT security issues
Since JSON web tokens are used for access control, they often contain information about the user. If the token is not encrypted, anyone can base64 decode the token and read the token's payload. So if the token contains sensitive information, it might become a source of information leaks.