No need to copy the FullName to entity Person.
You have no control at all over the security of module System. But you have full control over the security of module Administration. Attribute FullName is from Administration.Account, not from System.User, so yes you are able to make Account/FullName readable. It is just a matter of correctly defining your Administration’s module roles, and assigning those module roles to your user-roles.
Your person entity should contain all "public” available values. Don't use any of your account details in your process. As this can be seen as the passport of your user.
Imaging being in a pub, and someone asks your name. Do you grab your passport to show your name?
Guess not, besides it’s ridiculous to show your passport to a random stranger, it’s also a security issue.
Same counts for your user account. These should only be used to authenticate and authorize access to data. No public use of this data.