The swarm client currently supports a -password command line arg, which works great, except that when you use it, the password is leaked in the process table (i.e. when any user on the linux machine runs "ps -AF").

Instead, the swarm client should support a -pwfile argument where the password is read from the user supplied filename (which can be secured via the filesystem).