[api] Strip password from request environment if exception is thrown.

Exception notifier would've picked this up. There are other request
parts (like raw_post_data) containing the password but these seem to be
stripped by exception_notifier itself.