Two issues with maxctrl:
1. maxctrl requires the maxadmin user password to be provided on command line (--password). A simple more secure solution would be to allow the password to be provided via an environment variable, but that is not totally secure since it is visible in /proc. Best solution would be to allow it to be passed via stdin, but that is currently not supported via tools (ie., not a TTY).
2. maxctrl does not have an interface (eg., maxctrl alter user) to allow changing the password of an existing user. The user must be destroyed and re-created with new password.