I could not find an enhancement request entry relative to this KB article:


As described there, when using sqlexp with -user [user] -password [password], the plaintext password appears in 'ps' output.  We note that even a root process password is readable by non-root users.

Although some obfuscation is possible, it is unclear to me why displaying passwords in plaintext openly to other users is not considered a bug.  Or at least considered a bug now if it was not in the original design.

Alternatively - allow for a config file option (-pf) that minimally could be secured from the OS.