Yes, it looks like the diagnostics tool is grabbing the entire process name including all env vars defined for the container, the env vars will specify (amongst a lot of other things) the username and password for the vpn provider, i assume this would be true for any env vars for any container, not just this one.
obfuscation of credentials is actually quite difficult to do in a robust manner, line wraps or other unexpected conditions can cause the credential to leak even if obfuscation is used.