I know there’s a series of unfortunate events that can lead to this information accidentally getting logged into a log file; but the comedy of errors necessary to get there almost leads itself to malice rather than accident.

Have we as developers gotten so lazy with our permissions requesting that we think it’s okay to ask for all message access? If not, why ask for it? Why *log* every message, afterward? What pull request approved that? What PR was approved that logged the auth token?

Even more to the messages, if they’re logging them, they can see them. If they can see them, how do we know if they are or aren’t sending them to their servers?

Ugh.