2. Passwords are generally low entropy. If you've used your mining pw elsewhere, change it now.
I use a securely generated random password for every slave and every pool. Even if the passwords aren't hashed, there's no way any attacker can get into any other pool account.