Just my two cents.
Because if you can modify the logs, then someone who gains an access to you machine can do it as well. And in fact it’s widely known that when some system is compromised, the good attacker knows to clean all the traces of the compromise from the system logs so that the fact of the compromise would go unnoticed.
Systemd’s binary immutable logs were designed to solve exactly this problem – as far as I understand.
Th whole command you enter is logged – and always been, that’s not systemd’s fault. It’s widely known and considered a bad practice to provide credentials as options on a cli command invocation. In addition to
usually can also provide them after command invocation, interactively – and then the credential aren’t logged.
So instead of
mount -t cifs -o username=[USER],password=[PASSWORD] //[HOST]/[SHARE] /[MOUNT_POINT]
you could issue
mount -t cifs -o username=[USER] //[HOST]/[SHARE] /[MOUNT_POINT]
and mount replies:
Password for username@host/share:
and you enter you password interactively. As far as I know in such a case password isn’t logged. Of course, it can be used only if you’re issuing commands interactively, for entry in fstab or automatic mounting from a script you’ll have to use ways @vgaetera mentioned.