CLI tools have weaker security models than their GUI counterparts bc the assumption is usually that if you have terminal access, you already have elevated privileges.

But in shared environments or CI/CD pipelines, this doesn’t work. And the credential exposure through process lists is pretty bad.