Granular control over logging authentication information
in some organizations/jurisdictions (but IANAL) authentication information is seen as sensitive information and it should be possible to treat authentication logging information differently from other (non authentication) log output.
It should be possible to turn off all authentication logging without restricting the other log output, or to send the authentication log information into a separate file (with different access permissions).
Without such function, users that must implement regulation compliant logging will need to turn off all logging that could contain authentication information.