Does this have anything to do with SANUR ( http://www.commandline.co.uk/sanur/ ) no longer being supported? Mind you, I don't recall SANUR obfuscating the password.

Do you do anything to check if the executable name matches the internal name in case someone tries renaming it in an attempt to elevate one's rights? Do you check its CRC?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.