I give it another shot to clarify, just to make clear what I see (and what people at the devdays sometimes run into).
Say you have two nodes, A and B. both are initialized with creds a/a and b/b. Now everything is fine, because you can only add node B to node A if you supply the correct credentials. great.
But say node B is initialised. Now you can pass in the credentials of foo/foo and it will still work. I'm aware that behind the scenes HTTP will ignore it and its maybe hard to fix, but from a user perspective it just doesnt feel right. Say the user passes in foo/foo to add node B, but when he wants to log in to that node its of course a/a. This is the same as if we would allow passing an arbitrary password to the default bucket, but we dont allow that. If it has no password, it should only accept _no_password.
Its just the flow of adding nodes that becomes unintuitive (even correct from a technical perspective) for poeple when managing a set of nodes. The user has no deterministic way to see if the node he wants to add is init or not.
I hope that clarifies a little more where I want to go with this.