You should not make secrets available to a user in plaintext in any scenario. Secrets can instead be pulled from a secure secret storage system by the service requiring them.
Sensitive data could be exposed in the AWS Management Console
Use secrets for the task definition
The following example will fail the aws-ecs-no-plaintext-secrets check.
The following example will pass the aws-ecs-no-plaintext-secrets check.