Pages marked as unswappable because they contain sensitive data - i.e. cached passwords or key data (see for instance ssh-agent, gnome-keyring, evolution) are paged out during hibernation.
This is a security vulnerability for two reasons. The first is that access to a running machine can be acquired by triggering a hibernation e.g. when the battery is low due to policy, or if there is a hot-key configured to do that. The access is acquirable by examining the suspended kernel image. The second is that password or unencrypted key data has been written to disk and thus may be recoverable by disk forensics - but this is a much less severe consideration (folk concerned about secure disposal of hardware are likely to have other data to dispose of anyway).
Agreed. As far as I've been able to see, fixing this requires some closer integration of cryptsetup, by-default encrypted swap, and initramfs changes.
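An audit sketch for the exposure discussed in this report, added here as an example and not taken from the report or from any of the projects named in it: it lists which processes hold mlock()ed memory (VmLck in /proc/<pid>/status) and which active swap areas are not dm-crypt devices. It assumes that devices set up by cryptsetup carry a device-mapper UUID beginning with `CRYPT-`; the sample inputs are constructed.

```python
import glob
import os
import re

# Constructed sample inputs (not taken from the bug report).
SAMPLE_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
    "/dev/sda5                               partition\t2097148\t0\t-2\n"
    "/dev/dm-1                               partition\t4194300\t0\t-3\n"
)
SAMPLE_STATUS = "Name:\tssh-agent\nVmLck:\t      64 kB\nVmRSS:\t    1200 kB\n"
SAMPLE_DM_UUIDS = {"dm-1": "CRYPT-PLAIN-cryptswap1"}

def locked_kb(status_text):
    """kB of mlock()ed memory (VmLck) from /proc/<pid>/status text; 0 if absent."""
    m = re.search(r"^VmLck:\s+(\d+)\s+kB", status_text, re.M)
    return int(m.group(1)) if m else 0

def swap_devices(swaps_text):
    """Swap area paths from /proc/swaps text, header line skipped."""
    return [ln.split()[0] for ln in swaps_text.splitlines()[1:] if ln.strip()]

def is_dm_crypt(path, dm_uuids):
    """True if path resolves to a dm node whose UUID starts with CRYPT- (assumption)."""
    name = os.path.basename(os.path.realpath(path))  # /dev/mapper/x -> dm-N
    return dm_uuids.get(name, "").startswith("CRYPT-")

def audit(swaps_text, statuses, dm_uuids):
    """Return (swap areas not backed by dm-crypt, {process name: locked kB}).
    Swap files are reported as plaintext; check their filesystem separately."""
    exposed = [d for d in swap_devices(swaps_text) if not is_dm_crypt(d, dm_uuids)]
    holders = {}
    for text in statuses:
        kb = locked_kb(text)
        if kb:
            name = re.search(r"^Name:\s+(.+)$", text, re.M)
            holders[name.group(1) if name else "?"] = kb
    return exposed, holders

def _read(path):
    try:
        with open(path) as f:
            return f.read()
    except OSError:  # process exited or file not readable
        return ""

if __name__ == "__main__":  # live run against this machine's /proc and /sys
    uuids = {p.split("/")[3]: _read(p).strip()
             for p in glob.glob("/sys/block/dm-*/dm/uuid")}
    statuses = [_read(p) for p in glob.glob("/proc/[0-9]*/status")]
    print(audit(_read("/proc/swaps"), statuses, uuids))
```

A non-empty first element together with a non-empty second element means locked pages from those processes would land on unencrypted storage if the machine hibernates to that swap area.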