when acessing a SVN repository and using the log level of debug Redmine writes the full line sent to the shell into the production log. This includes the full credentials, username and password in plain text.
I think this is a security flaw. Especially for testing typically personal credentials are used sometimes. So the password should be masked here. Do you agree? Then I will create a ticket.