> From a design standpoint, if you find that you have to recompile a middle-tier COMPONENT everytime the login info has to change - I would submit that is a bad design...

Who said anything about recompiling? Your component can impersonate an NT account (via COM+ application or DCOMCNFG) that has persmission to the database. Or you could use any number of alternatives that are at least as secure as storing account information in a script (registry, ini file, etc).

The argument that security in the middle tier is bad is pretty thin.