@preinheimer the only argument i've heard for it was people claiming security via obscurity. if the correct error isn't logged it can't be traced by malicious entry. they learned it from the idea that login errors should not tell you if the user or pass was wrong, just that something was, and thinks it applies to everything.

its one of the dumbest arguments anyone has ever presented to me that wasn't defending psr.