That's not quite true; the data in unix passwd file is not the input data, nor is it equivalent to a stored plain-text password. Getting a password from a passwd file entry required reversing a one way hash function - not impossible using a password guessing app, but it's a long way from 'giving away your password'.
If apps on the N900 are storing passwords or password equivalent tokens unencrypted in predictable locations, then that is a bug, and should be filed as one.