Description
Passwords that are passed on the command line are trivial to expose by doing a /bin/ps during command execution. Instead, passwords (and usernames) should be acquired through alternative means, such as setting an environmental variable that will be picked up and added to the parsed options without adding them to sys.argv.
(I have a trivial patch that we are using to accomplish this.)