I would prefer the JSS mobile applications by default not to store the password for accessing the JSS. If one really wants to do so, this should be optional but not recommended.
NSMS - Oxford University Computing Services
As a whole, I'd prefer to see the entire Client-Server communication model
move to certificate-based authentication rather than password based.
-- Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420