You can implement the Stringer interface for the type which prevents it from being logged and since it's private, code from outside of the module can't enumerate it. Of course it's still accessible via reflection or memory dumps etc, but isn't that the case with Java etc? Storing a plain text password like this is a bad idea anyways.

I guess my point is that a structural type system can still allow for encapsulation.

> You can implement the Stringer interface for the type which prevents it from being logged and since it's private, code from outside of the module can't enumerate it.

Those sound like decidedly non-structural features. And couldn't you undermine them by passing it to a function that expects a different `struct { pw string }` and logs its contents?