There's no reason in this day and age still to be shipping passwords around in cleartext. Better to use some form of encrypted capability `tickets' a la kerberos (to pick an example).