Agreed! The only way to avoid that would be to set up a elaborate sudoers file which will permit the web user nobody/wwwrun to run a set number of commands as a particular userid w/o a password. Just don't do it. It's a bad idea.
If you have a particular task in mind, there is probably a different, more secure way to go about it.