The fix for T207085 is incomplete.
(Part 1) Suppressed usernames can still be recovered (by any user, even logged out) from page histories via the page_recent_contributors variable. This can be done by examining any un-suppressed recent change to the page, or (possibly) by triggering a filter that lazy-loads that variable. Of course, this will only work until ten distinct editors touch the page, but for some pages (for instance user pages that have been accidentally edited logged out) that could take a very long time.
-->This is covered by T71367
(Part 2) Both api.php?action=abusefiltertestmatch and Special:Abusefilter/test allow anyone with the abusefilter-view-private or abusefilter-modify rights to recover, one bit at a time, the full details of any suppressed abuse log entry, and the partial details of any suppressed recent change. For example, suppose new_wikitext == "XYZZY".
Then we can try:
new_wikitext rlike "^[\x80-\xff]" (false, so first bit is 0)
new_wikitext rlike "^[\x40-\x7f]" (true, so first bits are 01)
new_wikitext rlike "^[\x60-\x7f]" (false, so first bits are 010)
This would be tedious to do by hand, but a trivial script could unhide any desired variable within minutes or hours. The same trick also works on recent changes, but only on the username and summary, not the wikitext.