Unfiltered Password in Exception Notification

If someone submits a password in a form, and an error triggers
exception_notification, the password is shown in plain-text under
“rack.request.form_vars” (even though params is filtered properly).
Using Rails 2.3.

Best,
–Daniel