In src/main/java/org/apache/maven/plugins/help/EffectiveSettingsMojo.java:156-198:
Only servers and proxies are manually deep-copied. The profiles list is shared with the original via the shallow SettingsUtils.copySettings(). Profiles can contain sensitive data (passwords in properties) that would be exposed if the original settings object is later queried expecting the copy to be isolated.
In src/main/java/org/apache/maven/plugins/help/EffectiveSettingsMojo.java:156-198:
Only servers and proxies are manually deep-copied. The profiles list is shared with the original via the shallow SettingsUtils.copySettings(). Profiles can contain sensitive data (passwords in properties) that would be exposed if the original settings object is later queried expecting the copy to be isolated.