I don't think the idea here was to ever make the
stack traces *safe*,
just to redact the most obvious things to reduce the risk if someone
carelessly posts a stack trace publicly.
Personally, I think the "Java model" as exemplified in
https://gerrit.wikimedia.org/r/#/c/92334/ PS3 goes too far in the
other direction. In this case, an option to log unredacted traces that
I could enable on my local test wiki would be useful.
I think Ori's original point stands though. Configuration could be used to
redact fully / not redact at all for local debugging purposes. But a black
list for what to redact is bad for all the reasons black lists are bad
security in general.