[quesera]

Yes this is the proper dogma, but you're missing the point.

Any automation around passwords is a crutch and a mistake. But sometimes it is necessary.

You don't always control the remote systems. The remote systems are not always capable of key-based auth. And sometimes the remote system is not of high concern so the "danger" is null.

sshpass makes a reasonable effort to do the best-possible thing under these less-than-ideal circumstances. The other options suck more.

My most recent use of sshpass is to collect reports from a vendor over sftp. I would have preferred to use https with BASIC auth, but in truth that has exactly the same problems as sshpass, and I have other hills to die on.