by KeepFlying 636 days ago
My favorite is "I'll log out the state of this object, it's all okay for privacy because I've checked every field and gotten the privacy reviews to prove it" then a few months later someone adds a new field to the object not realizing it's logged by a lower layer to a table no one remembers exists....

Then a month later someone queries that table and... oh shit.

1 comments

That's a good one. Seems like a scenario that is even more likely to happen because it would be much harder to find it in a code review than printf("user: %s, password: %s", userName, password), especially in a very large codebase. There is a lot less negligence required (though obviously not completely negligence-free).
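
The failure mode described in the thread above, as an added example that is not part of either comment: logging a whole object picks up a field added later, while an allowlist of reviewed fields does not. All class, field and function names are hypothetical, and the sample values are constructed.

```python
from dataclasses import dataclass, fields, asdict


# Constructed example types; every name here is hypothetical.
@dataclass
class Session:
    """The object as it existed when the privacy review was done."""
    user_id: str
    region: str


@dataclass
class SessionWithEmail(Session):
    """The same object months later: a field added by someone unaware it is logged."""
    email: str = ""


# Fields that passed privacy review. Anything not listed is treated as unreviewed.
LOGGABLE = {"user_id", "region"}


def log_whole_object(obj):
    """Risky pattern: serialises every field the object has, today or in the future."""
    return asdict(obj)


def log_allowlisted(obj):
    """Emit only reviewed fields; unreviewed ones are redacted by default."""
    return {
        f.name: getattr(obj, f.name) if f.name in LOGGABLE else "[REDACTED]"
        for f in fields(obj)
    }


def unreviewed_fields(cls):
    """For a CI check: list fields nobody has classified yet."""
    return sorted(f.name for f in fields(cls) if f.name not in LOGGABLE)


if __name__ == "__main__":
    s = SessionWithEmail("u-1001", "eu-west", "alice@example.com")
    print("whole object:", log_whole_object(s))
    print("allowlisted: ", log_allowlisted(s))
    print("unreviewed:  ", unreviewed_fields(SessionWithEmail))
```

Running `unreviewed_fields` in a unit test makes the new field show up as a failing build at the point it is added, rather than in a table queried months later.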