I'd note that sending cleartext credentials is just wrong regardless of the ssf the server requires. OpenLDAP's ldapsearch assumes users know what they are doing. Actually, this client is mainly intended as a tool that allows to perform operations with as many parameter combinations as needed to test the functionalities of slapd. What you recommend would probably be appropriate for a "real life" client implementation.
Moreover, the only way to test whether the security factor requested by the server is in place would require the client to attempt a simple bind with intentionally invalid credentials; considering slapd's possibility to configure security per-database, one would need to either use the "right" DN (thus exposing it), or a fake DN that for sure is within the same naming context, and incorrect credentials. I believe this amount of wisdom is beyond any "real life" client implementation.
Of course I would not object to any patch for ldapsearch (actually, for all clients) that solves this problem in a general manner without requiring any user intervention.
p.