According to the WordPress docs at
https://codex.wordpress.org/Debugging_in_WordPress the option exists
to enable a debug log for a number of actions in WordPress. In true
WordPress style, this file is dropped into a web-readable directly,
with no consideration for who may be able to read the file.
Being a debug log, as you would expect this file can include full SQL
queries, full file paths, usernames, passwords and all other other
detail you'd expect in a debug log!
Of course, Google has picked up a number of these files, and I'm sure
there are many more just a quick scan away probably only protected by
GHDB Entry: https://google.com/search?q=inurl:wp-content/debug.log