Comment 2 for bug 2030668

Colin Watson (cjwatson) wrote :

The concern here was that it was moderately likely that if we enabled manifests for private builds then credentials from the build process could leak out into the built snap. I dug through some history and it seems that this caution was originally suggested by Sergio from the snapcraft team: https://forum.snapcraft.io/t/snap-updates-and-developer-notifications-on-security-updates/2754/4

It's possible that this is a non-issue now: credentials that Launchpad generates as part of private snap builds are carefully arranged to be ephemeral and scoped to the lifetime of the build, so even if they do leak it wouldn't matter; but it's possible that some private snap recipes take hacky approaches with credentials in URLs for their dependencies and the like, so it's possible that making the change you propose would cause information leaks. I'm subscribing Sergio here to see if he still has the same opinion that he did in 2017.
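A check a recipe owner could run over manifest text before it ships, to catch the credentials-in-URLs case described in the comment above. This is an added example, not part of the original comment or of Launchpad or snapcraft code; the function name, the YAML-like sample and its keys are constructed for illustration, and skipping username-only non-HTTP URLs is an assumed heuristic.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Any scheme://... run up to whitespace or a quote character.
URL_RE = re.compile(r"""[A-Za-z][A-Za-z0-9+.-]*://[^\s'"<>]+""")

def find_credential_urls(text):
    """Return (line_number, redacted_url) for each URL that embeds userinfo."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            try:
                parts = urlsplit(match.group(0))
            except ValueError:
                continue  # malformed URL (e.g. bad IPv6 literal); skip it
            userinfo, at, hostport = parts.netloc.rpartition("@")
            if not at:
                continue  # no userinfo component at all
            has_password = ":" in userinfo
            # Assumed heuristic: a bare username on http(s) is usually a token,
            # while a bare username on other schemes (git+ssh://git@host) is
            # normally just the login name and not a secret.
            if not has_password and parts.scheme not in ("http", "https"):
                continue
            redacted = urlunsplit((parts.scheme, "REDACTED@" + hostport,
                                   parts.path, parts.query, parts.fragment))
            findings.append((lineno, redacted))
    return findings

# Constructed sample text, not a real snapcraft manifest.
SAMPLE = """\
parts:
  app:
    source: https://builder:s3cr3t-token@git.example.com/team/app.git
    source-type: git
  lib:
    source: https://github.com/example/lib.git
  tools:
    source: git+ssh://git@git.example.com/team/tools.git
metadata:
  build_url: https://exampletoken@git.example.com/team/dep.git
"""

if __name__ == "__main__":
    for lineno, url in find_credential_urls(SAMPLE):
        print(f"line {lineno}: credential-bearing URL: {url}")
```

The findings carry only the redacted form, so the report itself does not become a second copy of the secret.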