Correct. How you choose to handle passphrase storage and usage is completely up to you. If your programs operate in such a way that you can enter the passphrase only during startup then you will further prevent tampering or use of your trading programs without your authorization.
Cool. I guess in theory I could have done this before by encrypting my API key with a passphrase, but this is much easier.