[MDEV-20125] Redact MYSQL_PWD environment variable under Linux
Created: 2019-07-23  Updated: 2020-04-28  Resolved: 2020-04-28

Status: Closed
Project: MariaDB Server
Component/s: Scripts & Clients
Fix Version/s: N/A

Type: Task
Priority: Major
Reporter: Anel Husakovic
Assignee: Vicențiu Ciorbaru
Resolution: Won't Fix
Votes: 0
Labels: None


 Description   

Under Linux, when using the mysql client binary, passing the
password via the MYSQL_PWD environment variable is more secure
than passing it on the command line with the --password option,
because:

- the argument vector is world-readable via /proc/$pid/cmdline
  although the cmdline password is overwritten by the mysql
  process (with a bunch of x characters),
- there is still a time window after process start and overwrite
  where the password can be observed by any user,
- in contrast to that, the environment vector is only readable by
  the mysql invoking user and root.

But having the password in clear text easily accessible via
/proc/$pid/environ (or via an equivalent ps command) - even for a
restricted set of users - for the complete mysql client
runtime is suboptimal on sensitive systems.

As a defense-in-depth measure, this change redacts the MYSQL_PWD
environment variable under Linux. Thus, this increases the effort
for an attacker to read out the password (in contrast to just
being able to read out /proc/$pid/environ).

This change complements how the mysql client deals with
passwords supplied on the command line (cf. the --password option).

To test this change:

Create DB test user - say - juser

Connect with the command line client, e.g.:

$ MYSQL_PWD=geheim /path/to/bin/mysql --socket path/to/mysql.socket --user juser

Check (in another terminal) that the environment variable is indeed redacted, e.g.:

$ < /proc/$(pidof mysql)/environ tr '\0' '\n' | grep MYSQL_PWD
MYSQL_PWD=xxxxxx
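
The redaction described above, as an added example (not the patch attached to this issue and not MariaDB code): the value is copied to private memory and the original bytes in the environment vector are overwritten with x characters. The helper names take_and_redact and discard_secret are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;   /* POSIX: the process's live environment vector */

/* Hypothetical helper: find NAME=value in envp, return a heap copy of the
 * value and overwrite the value in place with 'x'. Writing in place (rather
 * than setenv/unsetenv, which leave the old string where it was) is what
 * changes the bytes exposed through /proc/<pid>/environ. */
char *take_and_redact(char **envp, const char *name)
{
    size_t nlen = strlen(name);
    for (; envp != NULL && *envp != NULL; envp++) {
        char *e = *envp;
        if (strncmp(e, name, nlen) != 0 || e[nlen] != '=')
            continue;                     /* other variable, or only a prefix match */
        char *val = e + nlen + 1;
        size_t vlen = strlen(val);
        char *copy = malloc(vlen + 1);
        if (copy == NULL)
            return NULL;                  /* keep the env intact if no copy can be kept */
        memcpy(copy, val, vlen + 1);
        for (volatile char *p = val; *p != '\0'; p++)
            *p = 'x';                     /* volatile: the store must not be optimised out */
        return copy;
    }
    return NULL;                          /* variable not present */
}

/* Wipe and free the private copy once it is no longer needed. */
void discard_secret(char *s)
{
    if (s == NULL)
        return;
    for (volatile char *p = s; *p != '\0'; p++)
        *p = '\0';
    free(s);
}

int main(void)
{
    char *pw = take_and_redact(environ, "MYSQL_PWD");
    if (pw == NULL)
        return 1;                         /* MYSQL_PWD unset or out of memory */
    /* pw would be passed to the connect call here (assumption). */
    printf("MYSQL_PWD=%s\n", getenv("MYSQL_PWD"));
    discard_secret(pw);
    return 0;
}
```

The password still exists in the private copy until discard_secret runs, and in the environment of the invoking shell if it was exported there; the overwrite only changes what this process exposes through /proc/$pid/environ.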

