Handling sensitive data in an ERC721 Contract

I'm a noob in web3 and blockchain, but could someone help me understand this:

Can you store sensitive data within an NFT?
Would sensitive data be stored with the _setTokenURI function, or another way?
Within the token URI, what data types can be stored (strings, objects, arrays, JSON)?

Thanks