quote:
$pass=password in the .exe package creator would provide some level of security
Are you sure? Unless the execution string is encrypted in the executable you will be able to view it as plain text. There are many tools to do this, but the simplest way is to open the file in an editor and page through it.

Your command line parameter will probably be easily located, either by search for "pass", or "p^@a^@s^@s", where "^@" is a null (for unicode executables).

I've had to do this two or three times in the last year to get access to "compiled-in" information. People are generally shocked that what they had assumed to be secure was in fact trivial to reveal.