By default, when a process is started, it inherits the environment of its caller. In the context of external chaincode, the environment of the peer is propagated to the builder. Given most users of the peer rely on environment variables to influence the configuration, it's quite likely that sensitive information is accessible in the environment.
In order to reduce the likelihood of information leaks via the environment, the external build configuration element in the peer should be extended to support and environment variable name whitelist. Any environment keys in that list will be propagated to the external builder.
The default list should contain PATH, LIBPATH, and TMPDIR. It's likely that environment variables like http_proxy/HTTP_PROXY will be added by users.