by peterwwillis 4974 days ago
Attacking a system is not just guessing passwords. You need to gather as much information as you can about your target and devise an attack using what you know.

Maybe it's a DNS entry or network addresses that would have been secret if not for it appearing in server-status (there's a reason AXFR from random internet clients is a bad idea). Maybe it's a client IP that accesses an admin panel, and attacking that client machine will give you the keys to the kingdom. Maybe it's a PID that's guessable and gives an insight to what a new temporary file or directory will be called, exposing a race condition. Maybe it's the very precise time information to be used for making timing attacks easier. Maybe it's the number of workers configured that lets them tune an attack to fill up resources. Maybe it's the system utilization to help them figure out if they should attack CPU, memory or I/O. Perhaps it's the server version and OS telling them what software is running and thus what exploits they should pick first.

Or maybe it's the fact that the requests can be linked to client IPs to build a profile on specific users, violating their privacy.

Whatever the reason, it's stupid to keep this information public.
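The server-status page the comment refers to is Apache httpd's mod_status handler. The following is an added configuration example, not from the comment above or from the Apache project's documentation: it shows the exposed setting beside a locked-down one. It assumes mod_status is loaded and mounted at the conventional /server-status path; the 10.0.0.0/8 monitoring range is a constructed placeholder.

```apache
# Added example: restricting Apache httpd mod_status.
# Assumes the handler is mounted at /server-status (conventional path).

# Weak: the status page is readable by anyone who can reach the server,
# and ExtendedStatus On adds the per-request table (client IPs, PIDs,
# request URIs, timings) that the comment above describes as leaking.
#
# ExtendedStatus On
# <Location "/server-status">
#     SetHandler server-status
#     Require all granted
# </Location>

# Corrected: only loopback and the monitoring subnet may read the page,
# and the extended per-request table is switched off. Note that since
# Apache 2.3.6 ExtendedStatus defaults to On whenever mod_status is loaded,
# so it has to be disabled explicitly.
ExtendedStatus Off
<Location "/server-status">
    SetHandler server-status
    # Loopback (IPv4 and IPv6)
    Require ip 127.0.0.1 ::1
    # Constructed monitoring range; replace with your own collector's address
    Require ip 10.0.0.0/8
</Location>
```

Multiple `Require ip` lines inside a `<Location>` are combined with OR by default, so any listed source is allowed and everything else gets a 403. If the status page is not consumed by a monitoring system at all, the simplest fix is to not load mod_status, which removes the handler entirely.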