fair point. my thoughts were that spending your time building $10 widgets and getting paid $5 by someone who is negligent with their use of people's passwords is akin to working for a company that pollutes public waters: some of your paycheck is "tainted" by the dangers you put others into, and you are smart enough to understand it. in that sense, quitting seems like a non-act, because you stop acting unethically.
I'm guessing you're referring to someone's ability to actually fix it -- in the case of logs, you can make a pretty simple regex to strip out all kinds of PII, and there really are a lot of arguments (e.g. proactively reducing cost of security audits -- if someone is reviewing your logs to figure out what happened, they might not want to see customer data).
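An added example, not part of the comment above: one way to do the regex-based log scrubbing it mentions, as a Python `logging` filter. The key names, patterns, placeholder tokens and sample events are assumptions chosen for illustration.

```python
import logging
import re

# Illustrative patterns only (assumed key names); not an exhaustive PII catalogue.
_SECRET = re.compile(
    r"(?i)\b(password|passwd|pwd|token|secret|api_key)\b"
    r"([\"']?\s*[=:]\s*)(\"[^\"]*\"|[^\s&,;]+)")
_EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
_CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def _luhn_ok(digits):
    """Luhn checksum, so order ids and timestamps are not mistaken for cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def _mask_card(match):
    digits = re.sub(r"\D", "", match.group(0))
    return "[CARD]" if _luhn_ok(digits) else match.group(0)


def redact(text):
    """Scrub credentials first, then e-mail addresses, then card numbers."""
    text = _SECRET.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)
    text = _EMAIL.sub("[EMAIL]", text)
    return _CARD.sub(_mask_card, text)


class RedactingFilter(logging.Filter):
    def filter(self, record):
        # Render %-style args first so values passed as parameters are scrubbed too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())  # on the handler, so every logger is covered
    logging.basicConfig(level=logging.INFO, handlers=[handler])
    # Constructed sample events.
    logging.info("login failed user=%s password=%s", "alice@example.com", "hunter2")
    logging.info("charge card 4111 1111 1111 1111 order 1234567890123456")
```

A filter like this is a backstop: it only catches shapes it has a pattern for, so secrets under unlisted key names or in free text still pass through.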