I tend to agree with Yelena. If you don't trust them, they shouldn't be there anyway. Company data or intellectual property would fit this area. However, with customer personal data, like SSN, DOB, CCN, and other similar personal and credit data, I would make the effort to obfuscate/random generation for testing, as only those who actually need to know to conduct business should ever see these, and then only when they absolutely must. If there is a way to automate it so they do not see it, I go for those methods.