Hillary Clinton’s use of a personal email server while secretary of state has inevitably become a fully inflated political football in these early days of the 2016 presidential race—with the right somehow linking the emails to the late Vince Foster, and Clinton’s allies offhandedly dismissing the value of open government with comments like “people don’t care about email policies."

But make no mistake, the scandal has highlighted the very real dangers to government transparency that result when politicians use private accounts to conduct official business. The scandal also highlights important concerns around cybersecurity and overclassification.

Here’s the background. Shortly before being sworn in in 2009, outgoing Senator Clinton set up a private email server at her home in Chappaqua, New York and registered the domain “clintonemail.com.” Two months later, Secretary of State Clinton started using that email exclusively for all correspondence—both private and government.

This practice was at odds with relevant guidance at State. Further, by keeping all emails, private and professional, on one server, Secretary Clinton effectively gave herself personal veto power over what would be subject to open records laws and what wouldn’t. And, in fact, that’s what happened. Although Secretary Clinton turned over 55,000 pages of emails in 2014, she made the determination on what to disclose and what to destroy (including over 32,000 emails that she deemed, at her sole discretion, private).

Fortunately, the laws have changed since then and high-ranking officials are now expressly required, if they use personal email accounts for government business, to send a copy of the work email to the government within 20 days. That requirement must be enforced strictly.

So what are the concerns?

The open government point should be obvious. Ironically, the Clinton White House was the first to recognize the importance of email as potential federal records. Previously treated as akin to disposable pink phone message pads, then-Staff Secretary John Podesta wrote a memorandum in 1993 clarifying that emails qualify as presidential records and must be retained. Out of concern that records could be lost, that memo barred the use of personal systems.

Violations of that policy during the Bush administration starkly highlighted the danger in allowing government officials to conduct official business using private accounts. As the Committee for Responsibility and Ethics in Washington has documented at length, various Bush White House officials used Republican National Committee accounts to communicate with Attorney General Alberto Gonzales in what would become the scandal over the hiring and firing of United States attorneys that the Department of Justice later found to be the inappropriately politicized.

The decision by Secretary Clinton to use “clintonemail.com” exclusively for official business disregards these historical examples. Unfortunately, officials can face the strong temptation to hide official business out of the reach of Freedom of Information Act requests. And as the new retention rules recognize, that’s unacceptable for our democracy.

On cybersecurity, the concerns are perhaps less apparent but are just as acute. As ACLU Principal Technologist Chris Sogohian has noted at length, you’re “on your own” when protecting a private server from hackers. With a government email account, you’ve got an entire IT apparatus protecting your information. Indeed, security for the government system is going to incorporate state-of-the-art techniques developed by the National Security Agency, which, despite its issues with mass surveillance, is pretty good at keeping hackers at bay.

Finally, the email controversy highlights the incoherence and unfairness of existing classification policies. Despite the fact that the State Department routinely deals in extensive volumes of classified information, Secretary Clinton has said that absolutely nothing in her private email was classified. As many classification experts have noted, that’s pretty astounding if true, especially given that, as we now know, President Obama himself communicated with Secretary Clinton using her private email. Worse, and regardless of whether the claim is true, Secretary Clinton is virtually assured of immunity from any investigation into the improper handling of classified information, let alone legal consequences.

That immunity should be seen as of a piece with the amazingly lenient treatment of General David Petraeus, who pleaded guilty to a misdemeanor earlier this month for giving classified documents to his mistress while serving as the head of the CIA. And it contrasts tragically with the 35-year sentence imposed on Private Chelsea Manning (who, ironically, was prosecuted in part for releasing State Department emails), or the three felony charges facing Edward Snowden, or the months and months of hard time to be served by the unprecedented number of other national security “leakers” prosecuted by the Obama administration.

Fortunately, this whole imbroglio leaves us with a teaching moment. Secretary Clinton could—like President Obama in 2008—pledge a new-found commitment to open government. If she does decide to run in 2016, she should acknowledge her mistake in using a private server and embrace the cause of government transparency as a campaign promise. That’s actually the best way to give her team possession of this political football—not to mention being the right thing to do.