For the amazon.aws collection while looking into the way that the amazon.aws.ec2_instance module handles the "tower_callback" parameter. There is the potential for the Windows password to leak into logs when using "tower_callback.set_password". Because the tower_callback parameter is just a raw dict, rather than having options set, no_log does not come into play and tower_callback.set_password, if set, can be leaked into the logs.
https://github.com/ansible-collections/amazon.aws/pull/1199
Upstream amazon.aws 5.1.0 has now been released with the fix - https://github.com/ansible-collections/amazon.aws/releases/tag/5.1.0 - https://galaxy.ansible.com/download/amazon-aws-5.1.0.tar.gz