When passwords and other sensitive information (such as credit credit card numbers) are copied, there is a risk that users could inadvertently share them with others by opening their clipboard history. This risk could be reduced by displaying text that is likely to be a password as a series of dots (eg "MyPassword123&" could be displayed as "•••••••••••••• (password)"). Ideally, we could also provide a "peek" button in the clipboard picker to allow users to inspect the copied contents before selecting it. I don't know a huge amount about how the clipboard works, but if it's also possible to add metadata to copied text saying "this is a password", that could be another trigger for Klipper to hide the contents. I'm not an expert at C++, but it could be fun to try to tackle this myself if people like the idea.
But how could we detect that something is likely to be a password or a credit card number? Any heuristic we could implement would be either so inaccurate as to be useless, or so over-broad as to trigger at a lot of inappropriate times. I don't think that would work, sorry. As you suspected, there is already a supported way for apps--which know whether something is a password--to provide a hint to Klipper to not display the text. They need to set the "x-kde-passwordManagerHint" metadata hint in the MIME data for the copied text. So IMO the path forward is for apps to set that on known-sensitive data when it's copied.