I've been working on a project for a while (~1k commits, few months work) and I am convinced that it is the right decision to eliminate a specific string occurrence from all files and commits in the tree of the git repository. Commit messages (minus the string occurrences mentioned above) and dates should look normal in the git log afterwards so nobody ever knows that this string existed.
It is totally okay to force-push and break other developers repository clones. It is okay if the solution is not simple! All I care about is a clean history.
Have a look at git filter-branch and the examples there.
You could e.g. delete your password (hope you didn't do that ;) ) from the commit messages with the following snippet if the PW was stored in a line like "My password: XXXX"
git filter-branch --msg-filter '
sed -e "/^My password:/d"
'