Well I cheated. I hid the data from the module that gave out the database handles into a config file, and I reexported that data to one other module.

Turns out that some bulk database transfers were orders of magnitude faster with bcp, so I really did need the name/password. But only in one controlled situation...