While testing on Windows, I noticed that the security token is hiding in my logs! (see the attached screenshot).
I have a feeling that this is because the security token is being logged with Unix-specific line endings \n instead of Windows ones \r\n.
Ideally we should be using our logging framework or some cross-platform abstraction to make this a bit easier
If you can't find the security token in the screenshot, it's only one line starting with "*****"