skx / overseer

A golang-based remote protocol tester for testing sites & service availability

Passwords leaked in the notifiers

skx opened this issue

Assuming you have the following input:

    imap.company.com must run imap with username 'foo@bar.com' with password 'secret'

If you're using the MQ / Purppura notifiers then they will receive a copy of the input. In the case of MQ you'll see this logged:

    {"input":"1.2.3.4 must run imaps with password 'secret' with username 'foo@bar.com'",
     ...}

This is because the raw input is given to the notifier. We should censor out passwords (as used in MySQL, HTTP, POP3(s), IMAP(s), etc) in our notifications.
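One way to do the censoring described in the issue, shown as an added example and not overseer's own code: mask the value of every `with password` option before the input is serialised for a notifier. The `Notification` type, the function names and the accepted quoting forms (single-quoted, double-quoted or bare) are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// passwordArg matches a "with password <value>" option in a test line.
// Assumption: the value is single-quoted, double-quoted, or a bare token.
var passwordArg = regexp.MustCompile(`(?i)(\bwith\s+password\s+)('[^']*'|"[^"]*"|\S+)`)

// CensorInput returns the test line with every password value masked,
// leaving host, protocol and the other options intact for triage.
func CensorInput(input string) string {
	return passwordArg.ReplaceAllString(input, "${1}'CENSORED'")
}

// Notification is a hypothetical stand-in for the message given to a notifier.
type Notification struct {
	Input string `json:"input"`
	Error string `json:"error,omitempty"`
}

// BuildNotification censors the raw input before it is serialised, so the
// secret never reaches the queue or anything that logs the message.
func BuildNotification(rawInput, errMsg string) ([]byte, error) {
	return json.Marshal(Notification{Input: CensorInput(rawInput), Error: errMsg})
}

func main() {
	// Constructed sample lines, modelled on the two shown in the issue.
	lines := []string{
		"imap.company.com must run imap with username 'foo@bar.com' with password 'secret'",
		"1.2.3.4 must run imaps with password 'secret' with username 'foo@bar.com'",
		`db.example.com must run mysql with username root with password "two words"`,
	}
	for _, l := range lines {
		out, err := BuildNotification(l, "constructed failure text")
		if err != nil {
			panic(err)
		}
		fmt.Println(string(out))
	}
}
```

Censoring at the point where the notification is built, not inside each notifier, means a newly added notifier cannot receive the raw line by omission.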