Comment 1 for bug 379412

I agree using "script-security 2" isn't exactly backward-compatible but since previous versions had an insecure behavior it's a good trade-off. Passing passwords via environmental variables is... risky at best.

The rest of the bug is a dupe of bug 340120. Please followup there.