My point is there are plenty of cases where you would send the same PII through a server-less function or internal API (IE PATCH /user/profile). The concerns about logging or bugs are the same in both instances. You could make a case that using a masking tool like this would make it easier to share full production logs, but there are plenty of other ways to secure logs that don't involve modifying the runtime behavior.