The first problem is due to the fact that there is no standard function
in VM to read a password without echoing it. It's easy to do in
assembler, just not in high level languages. Most sites have DIRMAINT and
that comes with a utility to read passwords. If present, it is used, if
not the password is echoed.
The apparent security problem is due to the fact that the server you are
talking to is on the same machine that you are sending the command from.
VM guarantees to LISTSERV that the file it received really came from you.
So, just as passwords are not needed with TELL from local users, they are
not needed with SENDFILE from local users. If you were sending over the
network, the password would of course have been checked.
Eric