Wide events are fine until someone puts personally identifiable information (PII) in them. Then you're in a bit of a mess as you've presumably taken PII out of an environment with one set of access controls, and into a separate, different environment, with access controls that are for a different purpose than required by the data.
Wide events described in this article seem to equal structured logging but a more loose dumping ground. So yeah to an extent it has this problem, just more so.
How does tracing? Are folks adding PII to spans? I suppose you could but I'm not sure why.