If you are on most Unix-like machines, command line parameters to programs are visible to all other processes. on Linux systems you can find it for example via:
ps -p [some pid here] -o args
Discussion
they can also read from any file as well. I treat my system as a safe area, but this is still more of a dev version. release version will have encrypted flatfiles for storing keys. although even that is annoying because you have to enter a password every time you open the app. not even signal desktop does this.
on macos we are looking into using local auth for encrypting/decrypting which would be way more slick