HashKnownHosts provides an appearance of security but is actually
[easily crackable](https://github.com/chris408/known_hosts-hashcat) and
doesn't prevent leakage from other sources, such as the shell history or
SSH config. Most importantly, it makes properly maintaining the list
tedious and error-prone by making it hard to remove changed keys and
impossible to remove obsolete entries, therefore possibly weakening
security. Security should be enforced by password-protecting SSH keys
instead.
