Noticed this several years ago, I believe I submitted a request to VMware to encrypt this field - just as the new Administrator password field is. Obviously, this hasn't been done. Perhaps additional "Feature Requests" from you and other who would like to see this could help.
One thing you can do is remove the key from the customization and require the VLK manager to enter it upon first boot of the new system when prompted. Not optimal, I'm sure.