Description
The hg clone and update command can support embedding the username/password in the url
e.g.
hg clone https://username:password@bitbucket.org/username/privaterepo
this url contains the password in the clear, so log messages should maybe remove this. In addition, the password will be in the .hg/hgrc file of the clone, so that may need to be cleaned up.
On the other hand, these logs and rc files are in the same location as the config.xml which also contains the password in the clear, so maybe this is not necessary - check with security team.