Suppose I have the following code in a PHP web application.

$encrypt ? $password = generatePassword($passwordstrength): $password="";
$estring = "7z a -p$password -mx0 packFoo.aes.7z mydir/foo";
if($encrypt) {
    exec($estring);
}
mailuser($password);//uses standard PHP mail function

The password is generated at random by a function that uses PHP rand().

I have not found the password in /var/logs and not in .bash_history.

I need to know if the value of $password can be recovered from the server in the event that the server is compromised. Ultimately, can I claim that the value of $password is not stored on the server?