Passing it via stdin is more secure, since arguments are visible in the process tree.
Passing a secret value as an argument is typically more risky. Whenever something is passed as an argument, all other processes running under the same user (and sometimes all other users' processes, period) will be able to view the arguments for each process. This is why you can see arguments by running ps aux. Passing a value via stdin, on the other hand, sends it through a file descriptor. This descriptor will not be readable by unprivileged processes. If your threat model involves other malicious, local processes, you should send the sensitive material through stdin.
Passing data through stdin involves passing it through a file descriptor which the program can read using standard IO calls. In this case, it will be just as secure as opening a file to read from it. Command line arguments, on the other hand, are kept in a process' argv in memory. A program simply has to access that address of memory to view the arguments. This data is, however, visible to other users via that process' /proc/<pid>/cmdline. This is actually also the case for environmental variables on some systems (especially older *nix systems), so passing secrets through the environment is not necessarily a good idea either.