I left out part of the explanation, sorry. SSH allows you to setup keys which are only able to run a single command which is specified along with the key in the AUTHORIZED_KEYS file. I wrote about it before with some code samples here. You are setting up levels of trust between machines any-way, this way the access is limited and controlled and login access is not allowed. I think a key without a passphrase that can only run one command is somewhat less nasty than having a passphrase/password in plain text which has login access to the remote machine.

No disagreement from me on your other points :)

--
Life is a tale told by an idiot -- full of sound and fury, signifying nothing. William Shakespeare, Macbeth