It looks like the passwords, hostnames and SMS commands are encrypted in the settings file, but in the log file nothing is encrypted.

I am thinking of writing a shell script to remove the sensitive lines from the log file, and running it periodically.