Plenty of libraries have "verbose" logging flags ship way more than assumed. I remember lots of NPM libs that require `winston` for example are runtime-configurable. Or Java libraries that require Log4J. With Rust it's getting hard to remember because everything today seems to pull the fucking kitchen sink...

And even going beyond "debug", plenty of libraries ship features that are downright unwanted by consumers.

The two famous recent examples are Heartbleed and Log4shell.