The _users database is a great place to store user information. The design of the documents is relaxed, so I will not worry about adding fields. (Removing some may be risky.) You might consider adding an object to the document for all of your data:
{ "_id": "org.couchdb.user:jhs" , "_rev": "3-281e87af31d7d8277463732dccc06f65" , "name": "jhs" , "type": "user" , "roles": ["whatever"] // (etc.) , "myapp": { "profile_photo": "http://example.com/some_photo.png" , "favorite_color": "blue" } }
The only thing you want to check is the validate_doc_update function in _design/_auth . Make sure that this does not stop you from doing what you need. Currently (possibly vaguely), it does not check any attributes in the document except those that it needs ( type , name , roles , etc.).
Just remember that these documents are read in the world. Separate personal data for the user must go to an individual database for each user.