If credentials are given in the command line url parameter these show up in 'ps'
/usr/bin/duplicity --verbosity 4 --encrypt-key FD3846C2 --sign-key FD3846C2 --gpg-options= --exclude-globbing-filelist /root/.duply/bkp/exclude /backup/ ftp://<user>:<PASSWORT>@<backupserver>/backup
suggestion is to introduce env vars URL_PASSWORD/URL_USERNAME and to keep FTP_PASSWORD for ftp backend only and backward compatibility. The fact that FTP_PASSWORD can be used with nearly all backend is afaik not documented. Even so duply 220.127.116.11+ will use it until this bug is resolved.
for the future a config file based auth as mentioned in
could make sense.