I just started learning and experimenting with TEAL smart contracts, so apologies if this topic is already covered somewhere.
In examples akin to this one https://developer.algorand.org/tutorials/writing-simple-smart-contract/#3-check-the-length-of-the-passed-in-passphrase I noticed a (concerning) pattern like this:
```
// The sha256 value of the passphrase
arg 0
sha256
byte base64 30AT2gOReDBdJmLBO/DgvjC6hIXgACecTpFDcP1bJHU=
==
```
This implies that the passphrase is, essentially, plain text. Now, I assume that multiple random network nodes are involved in validation and, therefore, have access to the smart contract arguments. So it’s not hard to create a malicious node which will collect smart contract arguments and will eventually allow malicious actors to gain access to security-critical data.
Is this concern valid, and if not, what would prevent this kind of attack?
And if it’s plausible, why is this practice not discouraged in the tutorials?
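
A small Python model of the check discussed above, added here as an illustration (not code from the tutorial or from the original post): a program that relies only on the hash comparison accepts any transaction that reuses an observed argument, while one that also fixes where the funds may go does not. The passphrase, the addresses, the `Txn` class and the receiver check are assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample values; not the passphrase or digest from the post.
SECRET = b"constructed sample passphrase"
DIGEST = hashlib.sha256(SECRET).digest()
OWNER = "OWNER-ADDR"        # hypothetical address the funds are meant for
OBSERVER = "OBSERVER-ADDR"  # hypothetical address of a node that saw the args


@dataclass
class Txn:
    receiver: str
    close_remainder_to: str
    args: list  # logic arguments are sent with the transaction, unencrypted


def hash_only(txn: Txn) -> bool:
    """Models the snippet in the post: arg 0 / sha256 / byte ... / ==."""
    return hashlib.sha256(txn.args[0]).digest() == DIGEST


def hash_and_pinned_receiver(txn: Txn) -> bool:
    """Same hash check, plus destination fields fixed inside the program."""
    return (hash_only(txn)
            and txn.receiver == OWNER
            and txn.close_remainder_to == OWNER)


def replay_with_observed_arg(program, observed: Txn) -> bool:
    """Evaluate `program` on a new transaction that copies the observed args
    but names a different destination."""
    copy = Txn(receiver=OBSERVER, close_remainder_to=OBSERVER,
               args=list(observed.args))
    return program(copy)


# The legitimate spend, as any relaying node would see it.
legit = Txn(receiver=OWNER, close_remainder_to=OWNER, args=[SECRET])

if __name__ == "__main__":
    print("hash only, replayed args accepted:",
          replay_with_observed_arg(hash_only, legit))
    print("pinned receiver, replayed args accepted:",
          replay_with_observed_arg(hash_and_pinned_receiver, legit))
```

In this model the argument stops being a secret once it is submitted, so the program's other conditions are what limit its reuse.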