Comment 2 for bug 476480

You are right, authentication for bzr:// wouldn't be safe over unencrypted transports. If someone really wanted to break the authentication, it would work. However, authentication for bzr:// would raise the requirements for unauthorized repository access. Probably enough for many company intern networks. I've seen the use of unencrypted svn:// with simple authentication in several company intern networks.

Apart from that, authentication for bzr:// would be a really nice feature for encrypted transports (e.g. VPN). As far as I know, Bazaar authentication is already possible for http:// which is also unencrypted. If there are reasonable applications for authentication for http://, IMO this means that there are also reasonable applications for authentication for bzr://.