In some extenuating circumstances, it may be necessary for editor safety to preemptively redact actor details (e.g. username/IP address) from making their way into EventStreams. Some stop-gap measures to address this problem exist, but the cleanest solution is to implement this functionality into Mediawiki, via new extended admin rights.
This task has strong support from the WMF Security and Privacy team.