>> This works just fine, but anyone who can see the code can see the
>> password...not good.

> Similarly, if you didn't want to ask at runtime all the time, you
> could read the password out of a file in a similar way:

Also, depending on how fancy you want to get, you could store the
password encrypted in a file, and read it in and decrypt it before
using it.  

I don't know whether there are convenient encryption/decryption
facilities in ACL, but even something fairly simple would suffice if
you're not storing very valuable secrets.  Very simple: XOR the
password with some key, and store in a file as a binary number.  XOR
the stored number with the same key to get the password back.  If the
key and encrypted password are kept in separate files, you then need
both to get the original password.  Not as good as PGP, but a lot
better than plaintext.