As does seem to be the custom these days...
From the ticket page:
The exception notification plugin doesn't respect filtered parameters and, as a result, emails can be sent out that contain some interesting data (*cough* credit card numbers *cough*).
Attached is a patch (with tests) that uses the controller's param filtering to make sure emails don't contain any surprises.
This fixes a potential security problem for anybody using the ExceptionNotification plugin and processing sensitive information.