I realize that since KIX is an interpreter and doesn't run compiled code, a good portion of the script would have to be unencrypted and buffered in memory. This leaves the code vulnerable to any memory ripping. Passing of some passwords will always be too risky. One needs to weigh the risk and decide for themself. If the password only gets you local admin rights, the risk may be worth taking, maybe not. FE, if I stole my HR manager's laptop, got local admin rights, and scoured the HD for say, union negotiations... well, you get the picture.

While safeguards could be put in place to test whether KIX is running from logon, whether the speed of execution is reduced by an external debugger, etc., these too could be overridden by a good hacker. I think what is needed is a server-side service that the client-side service sends security requests to.

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.