We have a large user base that often shares mxds with one another. It is far too easy for a user to save their password in an mxd and then give it to another user. If the first user then changes their password, their Oracle account will get locked by the other user opening his mxd.
There appears to be no easy way to resolve this other than tracking down every single mxd on the network and local PC and deleting it.
ArcMap and ArcCatalog treat connections to the same instance/server as the same. In other words if in Catalog I have a connection as the SDE user to an instance called SDE_DEV, and I then open an anonymous connection file to SDE_DEV, I get connected automatically as the SDE user.
The same thing happens when you try to change the data source from a saved connection to an anonymous connection, because the server, instance are the same, nothing happens and your password is still saved.
I have tried the arcpy "findAndReplaceWorkspacePaths" but this will not remove saved passwords to the same instance. Another problem with this is that it does a string search and replace based on the name of the connection file. If 10 users create a connection file to the same db, what are the chances of the conn file names and paths being the same and useful for search and replace? If instead the search and replace worked on the basis of server/instance and was able to change username/pwd and remove any saved passwords then this would be useful for SDE.
Using local/user specific connection files and saving passwords is workable with small shops but in a large environment with hundreds of users, the potential to save mxds with passwords and share them creates huge problems.