Howdy:

While I'm struggling through with the politics of this situation,
I thought, out of curiousity I'd post this "theoretical" scenerio
and see what folks here think---since many of you are so familiar
with security issues:

In my workplace we purchase e-content from a number of outside
vendors.

Some, as part of the contract, are required to provide us with
statistics on usage of their content.

So... to provide these statistics to us, they provide us with username
and password to access the statistic archives and usage part of their
website.  This, among other things, allows restricting us to just our data 
and other customers to their data.

Now, some of our people--for convenience--want me to post the
username and passwords for accessing these external vendors's
statistics websites to part of our staff web site.

I say to myself, "It's risky enough sending username and passwords
in the same e-mail.  Why would I want to ignore "common sense" and
post these "website access username/passwords" on a web server sub 
directory even if I do protect it with .htaccess?  Besides being
somewhat dumb? isn't that breaking confidence with your business
contact ---who has bothered to send username and passwords to you
in separate emails?"

Questions:
1) Am I being snitty or is .htaccess generally secure enough?
(My first instinct is: Nothing is completely secure; posting is dumb.)
2) Not knowing what security measures the outside vendors have
taken, wouldn't posting these username/passwords at my end
be irresponsible business behavior?  --or again am I being
snitty and paranoid?
(My first instinct is: If I naively provide this openning, it's
not just me and the vendor that can get hurt but the vendor's other
customers as well if the vendor get hacked.)
3) In the context of work politics, if coworkers choose to
post them on web directories to which they have access, I cannot
stop them, but that doesn't mean I have to give them a helping hand.
(My instinct: there are limits to being a nice guy and helpful
support staff person! Aren't I being asked to put my professional
reputation on the line while the person(s) asking me to do this
are getting off risk free?)

Anyone seen this kind of situation before and want to vent away, I'll be 
reading them all.

TIA,

gs