A slave node in a secured Jenkins environment requires jnlpCredentials in order to connect to Jenkins. These credentials are supplied via the -jnlpcredentials command-line argument to the java command, but that easily exposes them to others.

For example:
java -jar slave.jar -jnlpCredentials user:pass -jnlpUrl http://somewhere/xx.jnlp

Please provide an alternate parameter for the option that allows the slave credentials to be supplied in a file that is read during slave start-up. Alternately, you could select a file name (e.g. .jslaverc) that would be checked for credentials if you didn't want to introduce a new command-line parameter for slave.jar startup. Either way would get the credentials off of the command-line, making them less accessible to other users of the system.