Insecure handling of hidden variable command line parameters

[wixbot]

In Wix 3.10, a bugfix was made:
http://wixtoolset.org/issues/4731/ (#4731)
that obfuscated the values of hidden bundle variables. I appreciated that very much.

However, since passing sensitive information is considered a valid use case, it would be even better if hidden bundle variable values were stored and passed to the custom bootstrapper application as SecureStrings. By doing so, a user would not have to deal with having its sensitive information available in process memory as plain text.

Currently, all command line args are available by:
Command.GetCommandLineArgs()

My proposal is to remove any hidden bundle variable from there and add it to a separate method such as:
Command.GetHiddenCommandLineArgs()

Since such a change would break the current behavior, I would suggest it for the 4.0 track.
It is hard for me to determine if this is a bug or a feature request.

Originally opened by lillegard

[wixbot]

Command lines aren't secure -- any user can read the command lines of other processes in the same integrity level.

Resolution set to declined
Status changed from Untriaged to Resolved