When opening a new sambal connection, the password is leaked into the process table and is visible to anybody running ps on the server.

This might be possible to fix by using the pty driver for password input instead. Don't have much time myself I'm afraid.

smbclient also lets you supply creds via a file as well, that could be an option. Also, maybe passing it via an environment variable could work?

Possibly. Patches are welcome. Unfortunately I don't do much (or any) Ruby development anymore and I don't generally use smb either so I'm not that involved in this project.