100% agree, but for most companies disclosing it once makes it a high-priority issue for it to never be an issue again; 0.1%-1% of the engineering org gets tasked with making some framework for logging, making sure there's no way to log outside the framework, and chasing down stragglers who can't/won't use it to get their management chain to accept the risk of it recurring in their little corner of production.