So, two or three things.
1. You replied here, and stated and reasonably and rationally Hetzner's case. That's excellent.
2. I emailed Hetz two days ago, explained the situation (passport a no-no, friend has PP, but I'm signed up with bank transfer so could I just use that).
Hetz replied saying account has now been enabled and I'm good to go.
Also excellent.
3. The observations in this reply about passport - if you've been hacked and not noticed yet, all passports passing through your hands are being exfiltrated (assuming attackers cares about them, of course). You'd only realize how long its being going on for once the breach is detected. I'm not worried about what you are going to use it for, I trust you - the concern is that security is basically impossible and everyone gets breached sooner or later. There's nothing you or any organization can say or do to ameliorate this concern. The basic ground working assumption is : everyone is hacked, if not already, then sooner or later, and it won't be noticed for some time. Given that, how do we behave? what do we do? how do we act? obviously, identity via passports is off the menu.
Finally, there's no info during sign about about passport document being held only for a short time; seems potentially useful to have that.
You're sensitive to your passport information being stolen. You don't trust their security. That's all perfectly OK.
Fortunately they offer other option(s), which it seems you made use of. So you're all good.
A different user may have different priorities, and may choose a different option.
Which is fine. Options are good. There's no requirement that you have to like the ones you don't use.