A developer had force pushed changes to remove some secrets from the repo. Then another developer who had missed the part about the cleanup saw the errors during git push
and proceeded to just merge the changes. Cue absolutely fucked commit history where you had all commits twice with individual change commits sprinkled between both.
If the value is still passed as an environment variable in the end, it can be read via /proc/:pid/environ from another container or from the host if they are both using the same UID (or has --cap-add SYS_PTRACE).
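
An added example, not part of the original comment: a defender-side audit of the exposure described above. It parses the NUL-separated /proc/<pid>/environ format and reports only the names (never the values) of secret-looking variables in processes the current user can read; the name patterns, function names and sample bytes are assumptions constructed for illustration.

```python
import os
import re

# Assumption: name patterns chosen for this example; tune them to your own conventions.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|CREDENTIAL", re.I)

def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE records of /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        if b"=" not in entry:
            continue  # trailing empty record or malformed entry
        key, _, value = entry.partition(b"=")
        env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env

def secret_like_names(raw: bytes) -> list:
    """Return the names of non-empty variables that look like secrets."""
    env = parse_environ(raw)
    return sorted(k for k, v in env.items() if v and SECRET_NAME.search(k))

def audit_proc(proc_root: str = "/proc"):
    """Yield (pid, status, names) for each process visible under proc_root."""
    pids = sorted(int(d) for d in os.listdir(proc_root) if d.isdigit())
    for pid in pids:
        try:
            with open(os.path.join(proc_root, str(pid), "environ"), "rb") as fh:
                yield pid, "readable", secret_like_names(fh.read())
        except PermissionError:
            # Different UID and no SYS_PTRACE: the kernel refuses the read.
            yield pid, "denied", []
        except OSError:
            continue  # process exited (or is unreadable) mid-scan

# Constructed sample of what an environ file contains.
SAMPLE = b"PATH=/usr/bin\0DB_PASSWORD=example-only\0API_KEY=example-only\0HOME=/root\0"

if __name__ == "__main__":
    print("sample:", secret_like_names(SAMPLE))
    for pid, status, names in audit_proc():
        if names:
            print(f"pid {pid}: {status}, secret-like variables: {', '.join(names)}")
```

Run it as the service account's UID on the host to see which running processes expose secret-like variables to anything else sharing that UID.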