[anf]

You should quit. I know you have reasons, but continuing to work at a place like this is not ethical.

[inteleng]

Quitting is also slightly unethical.

[anf]

fair point. my thoughts were that spending your time building $10 widgets and getting paid $5 by someone who is negligent with their use of people's passwords is akin to working for a company that pollutes public waters: some of your paycheck is "tainted" by the dangers you put others into, and you are smart enough to understand it. in that sense, quitting seems like a non-act, because you stop acting unethically.

I'm guessing you're referring to someone's ability to actually fix it -- in the case of logs, you can make a pretty simple regex to strip out all kinds of PII, and there really are a lot of arguments (e.g. proactively reducing cost of security audits -- if someone is reviewing your logs to figure out what happened, they might not want to see customer data).

[Grangar]

If anything I'd vouch for leaking to a data protection watchdog if nothing gets done about it.

[struppi]

Quitting is not unethical at all. You are not required to stay with any company.

[anf]

If you can prevent a company from acting unethically and you have the capacity to do so, are you not ethically obligated to try?

(switching sides of argument, I know)