Comment 2 for bug 387694

We should expose the username, and also report autovacuum queries as they are not security sensitive at all. I'd replace other queries with <hidden> or similar.