Summary
As the vault login is intended for human use, when manually logging in via the CLI, by default the token is included in the command output. Typically, this is followed by a series of commands, which may or may not be run on the same machine or terminal session. As such, providing the token in the output is done to facilitate the user in their subsequent Vault usage without having to continuously rerun the same login command.
To address security concerns, the -no-print flag was introduced. Usage of this flag to suppresses all output from being printed to screen is as follows:
vault login -no-print=true -method=userpass username=test-user