Some sites require the periodic deletion of .bash_history and .history files as a security policy, because they're quite likely to contain passwords and other secrets in them.
Sounds like something that should be optional in the shell itself, scrub command before writing to history.
Naive non-programmers version: use a hash table to censor all substrings of a given length range that match against it ... sounds like it might be expensive (in compute time), also you have to keep a list of those hashes around.
Bet it's been wontfix-ed in at least one major shell?
See the HISTCONTROL environment variable in bash (and maybe something similar in other shells):
HISTCONTROL
A colon-separated list of values controlling how commands are
saved on the history list. If the list of values includes
"ignorespace", lines which begin with a space character are not
saved in the history list.
[...]
This is convenient because any time you don't want a command saved in history, just start it with a leading space.
Also look at HISTIGNORE for finer grained control.
