This is protection against "user error".
In many Hive applications, a user can send a transfer or some form of custom_json, and sometimes they don't understand the instructions of an app, and accidentally put a private key into their actual transaction. Most commonly this is done when someone puts a private key into a memo field. This is pretty rate, but it does happen, and then everyone can see their private key (hence we call it leaking a private key).
We're designing Wax so that any app that uses it to construct transactions will automatically get a check that detects such leaks and prevents these transactions from being broadcast.
So there are no real leaks technically, but the users are publishing their own private keys with the custom_json transactions by their own mistake, and the goal is to prevent these transactions to protect the accounts of the users.
Now I understand.
Thank you for the reply.
Amazing 🥲