If you're developing in a container then you would have to be doing it without doing something like say, mounting your home directory into it.

The reality here is this is the sort of attack SELinux should be good at stopping (it's not because no one uses SELinux, the policies most commonly used don't confine the user profile in a useful way, and a whole bunch of tools love ambient credentials in environment variables).