[sph]

A surprising amount of code might be executed in rarely-used or undocumented code paths (for example, if the DEBUG environment variable is 1 or because a plugin is enabled even if not actually used) and thus not shaken out by the compiler.

[tester756]

What makes you think that a lot of code is hidden behind dbg env variable instead of e.g dbg build?

[whstl]

Plenty of libraries have "verbose" logging flags ship way more than assumed. I remember lots of NPM libs that require `winston` for example are runtime-configurable. Or Java libraries that require Log4J. With Rust it's getting hard to remember because everything today seems to pull the fucking kitchen sink...

And even going beyond "debug", plenty of libraries ship features that are downright unwanted by consumers.

The two famous recent examples are Heartbleed and Log4shell.