User names and passwords are masked in the log even if they are just substrings of other strings.
A simple example:
The log says: "service postgresql restart" and "postgres" is a user name, then the log says "service ****ql restart"

Someone who knows what the partly masked string originally was or who can derive that from the context, now also knows that this substring is a user name or a password.

Apart from that it can be annoying to have a log with partly masked strings that actually should be readable.

User names and passwords should only be masked if they are not a substring of another word.