Years ago, I caught some overseas contractors writing passwords to a log file. It wasn't malicious on their part, it was ignorance. (But, that kind of mistake is highly unprofessional and shows a lack of insight from someone who should know better.)

I suspect that someone has some debugging flags that do this, and accidentally shipped with the flags set the wrong way.