Oh, how funny, of course! When I first implemented this kludge my PATH pointed to PG 7.0, my PG 7.1 install was in a test directory, so I needed to provide an explicit path to its bin directory. I never bothered to test without the param after installing PG 7.1 for real.
How embarrassing! Thanks, Pascal.
Yes, as far as password login I couldn't see any way to make that work, either. I think you should bring this up with the PG hacker's group. Yes, it's a security problem to have the password lying around in clear text but this is already the case for the driver accessing the db via pglib. Being able to pass the password in to psql via a switch wouldn't increase the security risk at all, at least in our environment.
And, of course, if someone thinks it is a security risk they wouldn't have to use it.
Probably wouldn't get it until 7.2 but it seems like a reasonable thing to lobby for.