For security purposes it's better if people who are admins of the platform are in the habit of using their personal token to access the API instead of the org token. Having the personal credentials displayed first would lower friction in establishing this habit