From: jpp@markv.com
Subject: Alpha testers wanted: GNU Emacs, RMAIL, and PGP [...] Pgpmail also helps fix a known security hole -- it doesn't send you passphrase on the command line, but uses the environment instead.
The security-conscious way to send something to a subprocess is to use a pipe.
Looking at environment variables requires just a single extra flag to ps(1).
If PGP can't be set up to use a pipe to get the passphrase, it would be best to
modify PGP to clear its arguments when it's done getting a copy of them.
--
Scott Northrop