The server.js.logs folder and its contents is clearly visible inside the package (which is just some nested zip files).
On top of that iisnode.exe running in Azure exposes the folder without any regard to the setting in the Web.cloud.config.
Put these two together and you will leak a snapshot of your emulator log when publishing which includes console.log output. Development logs can reveal all sorts of secrets.
Moved to... https://github.com/WindowsAzure/azure-sdk-tools/issues/60