diff --git a/kmip/core/config_helper.py b/kmip/core/config_helper.py
index 38754cc..1b167f0 100644
--- a/kmip/core/config_helper.py
+++ b/kmip/core/config_helper.py
@@ -47,6 +47,10 @@ class ConfigHelper(object):
 
     def __init__(self, path=None):
         self.logger = logging.getLogger(__name__)
+        # DEBUG logging here may expose passwords, so log at INFO by default.
+        # However, if consumers know the risks, let them go ahead and override.
+        if self.logger.level == logging.NOTSET:
+            self.logger.setLevel(logging.INFO)
 
         self.conf = SafeConfigParser()
 
diff --git a/kmip/services/server/kmip_protocol.py b/kmip/services/server/kmip_protocol.py
index 0be8a41..0a0c168 100644
--- a/kmip/services/server/kmip_protocol.py
+++ b/kmip/services/server/kmip_protocol.py
@@ -27,6 +27,10 @@ class KMIPProtocol(object):
     def __init__(self, socket, buffer_size=1024):
         self.socket = socket
         self.logger = logging.getLogger(__name__)
+        # DEBUG logging here may expose secrets, so log at INFO by default.
+        # However, if consumers know the risks, let them go ahead and override.
+        if self.logger.level == logging.NOTSET:
+            self.logger.setLevel(logging.INFO)
 
     def write(self, data):
         if len(data) > 0: