Comment 7 for bug 1072669

Pretty sure this is just backing up what Russell just said, but just to make sure:

It is useful for the auth token to be passed /to/ the notification code, because certain notifiers (specifically custom ones that use the plugin framework) may make appropriate use of it. The notification drivers themselves should strip out the auth before writing the notification to a log or putting it on the wire or whatever.