Thanks for your thoughts. I never thought about multiuser situations where you might not want scripts to know the http password of the remote user.
OK, suppose I just assume that if a user is in $ENV{REMOTE_USER}, s/he is authenticated. Am I exposing myself, beyond the normal problems of http plaintext authentication?