Maybe I'm missing something, but what is the point of password protecting a script if the user can edit the script and read or bypass the password? That, to me, is just security by ignorance.
I would opt for another approach. Setup a resource that the user needs to authenticate against and put the second script in that resource. If the user fails to authenticate, it is end of story. There is no way for the user to circumvent the security.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
