Password authentication mechanism in RIPv2 is meant to protect against accidental misconfigurations and is the only way of configuring ampr-ripd routing. As it is UDP based and relies on source of UDP packets, which is easy to spoof, current routing infrastructure is vulnerable to unrestricted injecting of 44/8 routes to it's gateways - anybody can send forged RIP updates to them.
Furthermore, portal.ampr.org allows anybody with valid email address to route any 44/8 subnet through any IP address, not only subnets assigned to account in use. There're no restrictions to do so and it will stay there and get broadcasted until somebody notice.
So, there're at last two ways of disrupting whole AMPRnet network topology and both will make nodes send traffic to any hosts. Is it really the way it should be?
If changing RIP to some more secure protocol is not an option, maybe at last implementing RFC4822 would do the job?