safelogging should cover hidden service name and intro-points too
In log messages about a hidden service we operate, we don't replace the hidden service name with [scrubbed].
Historically, this was considered fine, because you have your hostname and private_key files on disk already.
But if the user puts his $datadir on encrypted storage, and the logs aren't on encrypted storage, then the logs could be the weak link.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information