Hide SQL in Profiler

Posted 2019-07-14 14:21

How can I make my SQL statements not appear in Profiler? They contain sensitive information and I don't want them to show in Profiler.

Thanks for the replies!

3 answers
成全新的幸福
#2 · 2019-07-14 14:57

Only way I can think of to do this would be to make them stored procedures (the profiler would only show the call), but if the arguments are what's secure (which is likely) then that won't help you. (Edit: As pointed out in comments, you can change the config of the profiler to include this anyway, so this won't help much.)

Have you considered not giving access to people not allowed to view the data? Access to run the profiler is a pretty high level of access...

Also, have you considered hashing your data before storing/querying it? Sometimes that won't work, but if we're talking passwords then they really should be stored and looked up in an encrypted form anyway.

来,给爷笑一个
#3 · 2019-07-14 15:00

There is no way. The "text" column in profiler cannot be removed from use.

You need rights to run profiler (sysadmin or GRANT ALTER TRACE) so it's not an implicit right.

Note:

  • sysadmins could decrypt stored procs or add logging code, regardless of whether they run profiler
  • physical access needs controlled, at least to stop someone taking a copy of the database away
  • things like sp_password or ALTER LOGIN are not traced anyway
SAY GOODBYE
#4 · 2019-07-14 15:11

The profiler can only be run by someone with proper rights, so if your installation is properly secured you should be fine (no users should be able to profile your application). This goes beyond security, since profiler slows down the server considerably.

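Added example, not part of any answer above: a T-SQL audit query listing the server principals that hold the rights the answers name for running Profiler (sysadmin membership or an ALTER TRACE grant). Including CONTROL SERVER is an addition made here, because that permission implies ALTER TRACE; `[example_login]` in the final comment is a placeholder.

```sql
-- Who can run Profiler / server-side traces on this instance?
-- Route 1: members of the sysadmin fixed server role.
SELECT  p.name            AS principal_name,
        p.type_desc       AS principal_type,
        p.is_disabled,
        'sysadmin member' AS trace_right_via
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'

UNION ALL

-- Route 2: explicit server-level grants of ALTER TRACE,
-- or of CONTROL SERVER (which implies ALTER TRACE).
SELECT  p.name,
        p.type_desc,
        p.is_disabled,
        sp.state_desc + N' ' + sp.permission_name
FROM    sys.server_permissions AS sp
JOIN    sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE   sp.class = 100           -- 100 = server-level permission
  AND   sp.permission_name IN (N'ALTER TRACE', N'CONTROL SERVER')
  AND   sp.state IN ('G', 'W')   -- GRANT / GRANT WITH GRANT OPTION; DENY rows excluded
ORDER BY principal_name;

-- To remove an unneeded grant found above (placeholder login name):
-- REVOKE ALTER TRACE FROM [example_login];
```

Rows whose principal type is a Windows group stand for every member of that group, which this query does not expand; run it as a sysadmin so metadata visibility rules do not hide rows.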