Sadly, I am the unique case. I'm in this boat because they won't buy hardware or pay to move the hardware they "found" for me into the datacenter.

As for the compiled/interpreted -- that's not really at issue here. The policy not to have cleartext passwords in source is good; I tried to get an exception in this case because I can't use the recommended alternative. I tried to suggest that 'masking' it by using PAR, PP, etc. might be sufficient in this case. No deal - I'm conflicted, because it was the right call for them to make but it's making my life hell. ;-)