Comment 3 for bug 1470740

So just to clarify, what we're basically saying is that logging credentials in DEBUG is not ideal but is also not a vulnerability?

If that's the case I'll propose a more general OSSN that essentially says "all confidentiality bets are off when you run services with log level debug".