If you enable logging, the log file contains your username and password, both in plain text.
This means that anyone with access to that log can now log in and pretend to be you. So, if I submit a log without manually removing that, I’ve revealed sensitive information to em client.
And this is hugely exploitable, because if you know someone uses em client, you could enable logging to steal their password.