Generate development passwords.

I see little risk in using known passwords here, but it's such a bad
practice that I'd rather avoid it entirely.

(The worst case I can imagine is that a malicious process running on the
developer's workstation would be able to manipulate the configuration.)