The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
http://www.securityfocus.com/bid/27938
http://www.debian.org/security/2008/dsa-1501