So they can shell out to something else to get the password.
Would be great for interacting with GPG.
A good solution would be with a config option (per account?) to either use in-built PGP support or a custom command. The command would accept the PGP message to decrypt on standard input. Is there any other information this command could require to do its job? (if there is, it could be passed via environment variables).
I think tut (https://github.com/RasmusLindroth/tut#password-manager-for-secrets) implements this