Yes, I am aware of SensitiveParameterValue. The ADR I wrote requires to use this attribute in the constructor arguments of the Opaque Object.
However, it is one part of the solution of the Opaque Objects. It does not solve the risks related to serialization and var_dump/var_export.
Managing passwords is a common need for domains like dependency injection, API clients, database access or user authentication.
It can be extended to everything that also requires managing keys/tokens or sensible data in general, like logs management. In this case you would be required to identify the sensible data and hide them if present.
Today, if you wish to secure your sensible data through Opaque Objects, it would be possible to do it in the code you own.
However anytime you need to pass this value to a 3rd party code you would be required to extract (disclose) the data from the Opaque Object and depend on the vendor's ability to keep secured the sensible data in all cases.
For example, it can be possible to leak an API password in the logs if your 3rd party library throws an unhandled exception.
Creating a PSR would bring an interoperable minimum security level for all libraries wishing to implement such security.
Grégory