I see your point. The intention was to make it easy to open multiple buckets from a cluster object, so the cluster’s configuration is cloned (or via another existing bucket configuration) since the cluster’s nodes are already known (its post bootstrap at this point).
I think a simple solution here would be to remove the password from the configuration clone routine. Thoughts?
-Jeff