That is the implementation of the sample code which was designed to be isolated stand-alone examples of the use of some of our interfaces and methods. The goal wasn't to provide recommendations for building secure client applications. Obviously it is not recommended to include a username and password in clear text in any production code. Most generally passwords are encrypted and stored in a separate location (most likely a database) and retrieved and decrypted by the calling application before issuing the web service request. In the case of these sample applications it is also possible to remove the credentials from the command line arguments and then prompt for them afterwards and mask the password with asterisks.
-Joe