I was about to commit Ben's suggestion of changing the --password help text to

  "specify a password ARG (this usually is not secure)"

as a first step that would be useful on its own regardless of whether we do
something more.

But then I thought about how users (myself included) tend to ignore warnings 
that are vague and unqualified: a "don't do that" without explaining the 
consequences. "Does this apply to my situation?", I would wonder. It might make
them/me pause for a moment, but if there's no easy way to learn why I shouldn't 
do X I will probably go ahead and do it.

So how about:

  "specify a password ARG (insecure: on many systems,
  other users can read the command-line arguments)"

Is that clear enough?

- Julian
