It seems that according to dev.mysql, they recommend just securing the logs rather than sanitizing them.
To guard against unwarranted exposure to log files, they should be located in a directory that restricts access to only the server and the database administrator.
Replication slaves store the password for the replication master in the master.info file. Restrict this file to be accessible only to the database administrator.
Database backups that include tables or log files containing passwords should be protected using a restricted access mode.
It would appear that this issue was fixed more elegantly in later versions of MySQL. See: http://dev.mysql.com/doc/refman/5.7/en/password-logging.html
In MySQL 5.7, statement logging avoids writing passwords in plain text for the following statements:
CREATE USER ... IDENTIFIED BY ...
GRANT ... IDENTIFIED BY ...
SET PASSWORD ...
SLAVE START ... PASSWORD = ...
CREATE SERVER ... OPTIONS(... PASSWORD ...)
ALTER SERVER ... OPTIONS(... PASSWORD ...)
Passwords in those statements are rewritten not to appear literally in statement text, for the general query log, slow query log, and binary log. Rewriting does not apply to other statements.
So, unless you can upgrade to a later version, your solution seems like it may be the right one.
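For servers that cannot be upgraded, the sketch below scrubs password literals from already-written log text for the statement types listed above. It is an added example, not code from the original answer or from MySQL; the function names, the `<redacted>` marker, and the tab-separated `Query` log layout are assumptions, and the sample lines in the test are constructed.

```python
import re

# A quoted SQL string literal, allowing backslash and doubled-quote escapes.
_STR = r"(?:'(?:[^'\\]|\\.|'')*'" + r'|"(?:[^"\\]|\\.|"")*")'

# Openers of the statement types from the list quoted above.
_SENSITIVE = re.compile(
    r"^\s*(?:CREATE\s+USER|GRANT|SET\s+PASSWORD|SLAVE\s+START|START\s+SLAVE"
    r"|CREATE\s+SERVER|ALTER\s+SERVER)\b", re.I)

# Each pattern captures the keyword context, then matches the password literal.
_PATTERNS = [re.compile(p + _STR, re.I) for p in (
    r"(IDENTIFIED\s+BY\s+(?:PASSWORD\s+)?)",  # CREATE USER / GRANT
    r"(PASSWORD\s*\(\s*)",                    # SET PASSWORD ... = PASSWORD('x')
    r"(SET\s+PASSWORD\b[^=]*=\s*)",           # SET PASSWORD [FOR user] = 'x'
    r"(PASSWORD\s*=\s*)",                     # START SLAVE ... PASSWORD = 'x'
    r"(\bPASSWORD\s+)",                       # OPTIONS(... PASSWORD 'x')
)]


def redact_statement(sql):
    """Replace password literals in one SQL statement; other statements pass through."""
    if not _SENSITIVE.match(sql):
        return sql
    for pat in _PATTERNS:
        sql = pat.sub(lambda m: m.group(1) + "'<redacted>'", sql)
    return sql


def redact_log_line(line):
    """Scrub one general-query-log line (assumed layout: '<time> <id> Query<TAB><sql>')."""
    head, sep, sql = line.partition("Query\t")
    if not sep:  # no command field found: treat the whole line as statement text
        return redact_statement(line)
    return head + sep + redact_statement(sql)
```

Statements outside the listed types are left untouched, so this does not replace restricting access to the log directory, master.info, and backups.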