I was doing more SUL audit stuff, and discovered that some private wikis are in centralauth's localuser table.
mysql:sul@dbstore1002 [centralauth]> select count(*) from localuser where lu_wiki="internalwiki";
1 row in set (0.00 sec)
Additionally 1 from comcomwiki, 1 from officewiki, and 1 from otrs_wikiwiki.
There are also some 40 accounts from foundationwiki, but that's not a private wiki (foundationwiki is also in the localnames table).
I think this is left over from some point in 2008 when those wikis were SUL linked? All the timestamps are from March 13, 2008.
Filing this as a security bug since this information is also replicated to Labs, and is leaking a (very small) subset of those wiki's user tables. This will also cause issues if any of those users are globally renamed.
My proposed solution is to just delete those rows.