sshd sends its syslog messages using the AUTH facility instead of AUTHPRIV. (According to the syslog(3) man page, the use of AUTH is supposed to be deprecated.) The result is that sshd messages go into /var/log/messages and not /var/log/secure. Since redhat leaves both these log files readable only by root, the problem is not one of privacy. Rather, it is good practice to periodically scan /var/log/secure for possible breaking attempts, etc, (it is usually much shorter than messages). Not having any ssh entries there is a bad idea, imho. A simple and immediate fix is to change the entry in /etc/syslog.conf for /var/log/secure from authpriv.* /var/log/secure to auth.*;authpriv.* /var/log/secure sshd messages then go into both the messages and secure logs, but that's ok. I think that the above change to syslog.conf is a good idea anyway, even once sshd's logging gets fixed.
This will be fixed in openssh-2.2.0p1-8 and later. Thanks!