Comment 3 for bug 843186

OK - we can fix (the code, spec, or both). Before I do so, do you agree with the design intent of allowing the spec to support no password and having the backing store determine whether that is allowed or not?