evanelias 3 days ago

I assume other processes running as the same user can still freely read the environment, for example using `ps -Eww` on Mac or inspecting /proc on Linux, right? If so, that's an easy way for a rogue process to bypass the local encrypted vault entirely.

Arrowmaster 2 days ago

Yes. Every clone of this idea does the same thing and a new one pops up every week. When I try to point out that the secrets should be exposed through file namespaces instead of ENV vars, the amount of hostility is shocking.
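An audit for the exposure discussed in this thread, as an added example that is not part of either comment: it lists which of your own Linux processes carry secret-looking variables in `/proc/<pid>/environ`, reporting names only and never values. The name pattern, the function names and the sample block are assumptions made for illustration.

```python
from __future__ import annotations
import os
import re

# Assumed naming heuristic for secret-bearing variables (not from the thread).
SECRET_NAME = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)

def secret_names(environ_blob: bytes) -> list[str]:
    """Return names (never values) of secret-looking variables in a
    NUL-separated environment block, the /proc/<pid>/environ format."""
    names = set()
    for entry in environ_blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if not sep or not value:
            continue  # trailing empty entry, malformed entry, or empty value
        text = name.decode("utf-8", "replace")
        if SECRET_NAME.search(text):
            names.add(text)
    return sorted(names)

def audit_own_processes(proc_root: str = "/proc") -> dict[int, list[str]]:
    """Map pid -> secret-looking variable names for processes owned by the
    current user. Returns {} where there is no Linux-style /proc."""
    findings: dict[int, list[str]] = {}
    if not os.path.isdir(proc_root):
        return findings
    uid = os.getuid()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        path = os.path.join(proc_root, entry)
        try:
            if os.stat(path).st_uid != uid:
                continue
            # environ holds the environment the process was started with.
            with open(os.path.join(path, "environ"), "rb") as fh:
                names = secret_names(fh.read())
        except OSError:
            continue  # process exited, or the kernel denied access
        if names:
            findings[int(entry)] = names
    return findings

# Constructed sample block, not captured from a real process.
SAMPLE = (b"PATH=/usr/bin\0AWS_SECRET_ACCESS_KEY=constructed\0"
          b"GITHUB_TOKEN=constructed\0EMPTY_TOKEN=\0")

if __name__ == "__main__":
    print(secret_names(SAMPLE))
    for pid, names in sorted(audit_own_processes().items()):
        print(pid, ", ".join(names))
```

Any pid this reports holds a secret that every other process running under the same account can read the same way, which is the case for handing secrets over through files rather than the environment.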