This script:
- redirects with password in URL, which causes password to be in log files and web analytics software
- uses "immediate reindex"
- uses manage_setLocalRoles instead of proper roles definitions (so roles are lost when roles are regenerated and other problems)
A more proper way seem to use credential request