VMs should automatically be scrubbed. This should extent to both the API and Control panel.
Data privacy is a rigth a user should never be able to turn off, much less having it off by default.
And changing an API method default's behaviour without notice is bad, that is what API version numbers are for.
An "optional and disabled by default" flag to make your virtual private network really secure?
As per our blog, we will be issuing a software update today to change this behaviour. http://digitalocean.com/blog
At the very least, the default should be a per-customer setting, and *that* should default to "scrub on destroy". People who want to cost optimize droplet destruction can take the associated risks with not-scrubbing.
The option not to scrub also needs to be surrounded by large blinking text that explains the ramifications of that choice. The current wording in the UI and documentation is completely lacking when it comes to that.
Oh, God, yes, please, not scrubbing data automatically that is handed back to DO for reallocation to other users is just so utterly, inconceivably wrong. It shouldn't be an option. You should just do it. Period, end of story.
You won't be notified about changes to this idea.