in reply to Embeded passwords
There is no easy answer to this one. If you store the password where the script can find it, anyone with the same rights as the script can do the same.
If you have a more secure environment nearby (i.e. root account while script runs as user), you might put the secure part into the root account and leave the user script without knowledge of the password. I.e. a root suid script does the authentication. It also logs the call and alerts everyone if it gets called too often, from the wrong script, at the wrong times.