It is more of a convienice request than anything. when i first fired it up i was a bit puzzled there was no credentials required, and nowhere in the webgui to set them. Either way if the password is compromised i don't see how making the password change only available by cli helps anything... if somone gains access to the gui, they have all the keys, can sync what they like, and potentially even overwrite the data on synced devices (yay for the .trash). If they change your gui pass, you can always reset it via the config file, but seriously, the damage will already be done. Personally... if i end up putting this into use, the webgui would be bound to 127.0.0.1, just don't sync anything too sensitive, and if there is some important stuff, put it in LUKS or TrueCrypt containers.