So the live snapshot thing is definitely a bug. However, it *doesn't* result in leaking data from the host. I'm not 100% sure why, but the resulting file is still a qcow2 with a backing file. As we don't have this backing file, there's no data leak.
As I don't understand why it's not broken, I'd still be inclined to fix it, tbh. It's definitely not safe.