I could not find an enhancement request entry relative to this KB article:
As described there, when using sqlexp with -user [user] -password [password], the plaintext password appears in 'ps' output. We note that even a root process password is readable by non-root users.
Although some obfuscation is possible, it is unclear to me why displaying passwords in plaintext openly to other users is not considered a bug. Or at least considered a bug now if it was not in the original design.
Alternatively - allow for a config file option (-pf) that minimally could be secured from the OS.