BUG #14600: Passwords in user mappings leaked by psql \deu+ command

From: andrew(dot)wheelwright(at)familysearch(dot)org
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #14600: Passwords in user mappings leaked by psql \deu+ command
Date: 2017-03-28 05:38:14
Message-ID: 20170328053814.2690.5600@wrigleys.postgresql.org
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 14600
Logged by: Andrew Wheelwright
Email address: andrew(dot)wheelwright(at)familysearch(dot)org
PostgreSQL version: 9.5.3
Operating system: CentOS 6.7
Description:

Scenario:

I'm working with a multi-server scenario where we have several classes of
user. For the sake of simplicity I'll call one class power_user and the
other standard_user. Also for the sake of simplicity, imagine the multiple
servers are called Alice, Bob, and Chuck.

The typical daily use case involves our standard users creating a foreign
table on Alice which references another table on Bob, copying said table
(e.g. create table as ...), dropping the foreign table to Bob, manipulating
data in the table on Alice (i.e. modifying millions of records), creating
another foreign table to Chuck, and copying the data from the table on Alice
to the table on Chuck before dropping both the foreign table and the local
table on Alice.

For our standard users to do their work, they must be able to create these
foreign tables (and no, they're not connecting to the same tables on Bob or
Chuck).

Now, the power_user role has more privileges than the standard_user role.
Specifically, the power_user has grants to other schemas on Alice and Chuck.

Both the power_user and the standard_user have usage granted on the foreign
servers Bob and Chuck.

The Problem:

If a standard user logs into Alice using the command line client, psql, and runs
the command \deu+, the password for both the standard_user and the
power_user will be visible in the displayed user mapping. The user could
then log out of Alice and log back in as a power_user. As far as I can
determine, anyone with usage granted on the foreign server can see ALL
passwords for that foreign server's user mappings.

Note: querying the information schema for user mappings does not display
this same security vulnerability. It seems psql is getting the information
through some other means.
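
An audit query for the exposure described in this report, added here as an example and not part of the original message: it lists every user mapping that stores a password together with the other non-superuser roles holding USAGE on the same foreign server. It assumes the credential is kept in a user mapping option named `password` (as postgres_fdw does) and that it is run by a superuser; the output column aliases are illustrative.

```sql
-- Run as a superuser: pg_catalog.pg_user_mapping is not readable by ordinary roles.
-- Only the option name is matched; password values are never selected or printed.
SELECT s.srvname                          AS foreign_server,
       COALESCE(mapped.rolname, 'public') AS mapping_for,      -- umuser = 0 is the PUBLIC mapping
       viewer.rolname                     AS role_with_usage   -- role that can use this server
FROM pg_catalog.pg_user_mapping um
JOIN pg_catalog.pg_foreign_server s
  ON s.oid = um.umserver
LEFT JOIN pg_catalog.pg_roles mapped
  ON mapped.oid = um.umuser
JOIN pg_catalog.pg_roles viewer
  ON viewer.oid <> um.umuser              -- skip the mapping's own role
 AND NOT viewer.rolsuper                  -- superusers can read the catalog anyway
 AND pg_catalog.has_server_privilege(viewer.oid, s.oid, 'USAGE')
WHERE EXISTS (
        SELECT 1
        FROM unnest(um.umoptions) AS opt  -- options are stored as 'name=value' text
        WHERE opt LIKE 'password=%'
      )
ORDER BY foreign_server, mapping_for, role_with_usage;
```

Each returned row is a (mapping, role) pair where a role other than the mapping's owner has USAGE on a server whose mapping carries a stored password.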
