We don't need to have editapplication (only showapplication) in the

sensitive array because it doesn't expose the consumer keypair

lib/util.php

@@ -1088,8 +1088,7 @@ function common_is_sensitive($action)
         'ApiOauthRequestToken',
         'ApiOauthAccessToken',
         'ApiOauthAuthorize',
-        'showapplication',
-        'editapplication'
+        'showapplication'
     );
     $ssl = null;