I just added a tutorial for Creating Secure Web Services for use with ASP.NET AJAX and the DotNetNuke framework. When I finished the tutorial I noticed that there is a lot of code that you would need to be implemented over and over again. The next version of IWEB will address this.
Basically, we need IWeb Core shared/static methods that can be called to place the encryption key into the personalization settings, and IWeb Core methods to unencrypt the password and determine if it is still valid.
Of course any code using the current example will still work with the next version of IWeb.