Alexey, you are write that the operation log does show the PFX password in clear text also when deploying a certificate over PS the password is also in plain text even when the communication channel is encrypted over SSL similar to as below:
HTTP Method:
POST
Absolute Uri:
https://management.core.windows.net/*****/services/hostedservices/avkashnewpass/certificates
Headers:
x-ms-version : 2012-12-01
x-ms-client-id : ***********
User-Agent : Windows Azure Powershell/v.0.6.11
Body:
<?xml version="1.0" encoding="utf-16"?>
<CertificateFile xmlns="http://schemas.microsoft.com/windowsazure"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Data>*************************************</Data>
<CertificateFormat>pfx</CertificateFormat>
<Password>clear_text_password</Password>
</CertificateFile>
I have taken your feedback and provided to proper folks who can address it properly.