Always treat code as hostile.
Defense in depth, capabilities, least privilege, fail closed, scrub inputs, escape everything ... I think there have been a few books written on this.
In PHP's case this fellow's slender volume is quite helpful: http://phpsecurity.org/ [phpsecurity.org] . And http://noscript.net/ [noscript.net] .
I agree with your argument but none of your examples. :/
SVN's behaviour with respect to passwords is quite well documented and oft-discussed. If you have the magic bullet answer by all means please provide it in a patch.
(Hint: some OS have secure password storage systems, but none of the m use the same one. Second hint: passwords, particularly any that get sent over the wire in any form, are crap. Oh, just look here: http://subversion.tigris.org/faq.html#ssh-auth-cache [tigris.org] )