In project variables, sometimes you need to set passwords for service installation or database access. These are sensitive information, mainly when considering production environment, so just specific people should have access to that information.
My suggestion is to Octopus Deploy hide these variables (using ******** for variables that contains “Password” on name, for example) or provide some way to set visibility level of the value, using security groups.