If you're getting the little scroll-down or pop-up window from your browser then the credentials approach, and the reading zentara gave, is the right approach. But if it's a web application controlled sign-in, where the stuff is in the (D)HTML as a form then you have to use the form submitting facilities of Mech. They're well documented in the Pod. Set some sort of cookie jar (see the Mech docs) and then you just post your username/pass (or whatever info is required to sign-in) and follow along from there.

Security is another issue. If the stuff isn't running under https then it's not secure. If you're inside a closed network then you're semi-secure. Your stuff could still be intercepted by someone malicious who is also inside the network. Hard coding passwords is a bad practice. If you have to do it, at least get a special user account created for the task that has the bare minimum permissions/access so it won't compromise a real person's account (or employment or legal troubles for that matter). On that note, you should make sure that what you're doing is entirely kosher with your manager and security group. You might be violating your employment agreement without even knowing it and as you can hear here, even ethical hacking which is nothing but beneficial to your employer can land you in serious trouble.

If you're serious about security, you should probably see about getting the information at the file-network level. Maybe they can mount the other machine somewhere with special user/perms for your stuff to be able to see.