This line right here logs all configs (key and value) for a connector, which is bad, since it can lead to secrets (db credentials, cloud storage credentials, etc.) being logged in plaintext.
We can remove this line. Or change it to just log config keys. Or try to do some super-fancy parsing that masks sensitive values. Well, hopefully not that. That sounds like a lot of work.
Affects all versions of Connect back through 0.10.1.
If you are running a version of Connect that contains this vulnerability, you can set the log level of the org.apache.kafka.connect.runtime.WorkerConnector namespace to INFO or higher in your log4j properties file to prevent raw connector configs from being logged.