If you don't want usernames and passwords, you can always use certificate based authentication.... Of course then, the issue with the key on the server changing becomes that much harder because now you have a client key to manage as well. I think that in a better world, this type of integration would be managed by a system that has first class support for SFTP and would allow this type of connectivity without worries such as the username and password being stored in a file in clear text... just my 1.4 cents worth.