No, it’s the Stable repo password for your Appliance ID only.
Yes. We had limited options and it’s akin to the system used by the SLES ‘paid/subscription’ repositories. I.e. zypper basic auth repo access.
The credentials used are stored on your system and used for no other purpose than to access the stable repo. And that repo (in the 15.3 variant) is currently empty at that. But not for long.
If you wanted to avoid this you could temporarily subscribe to testing but not update and ensure you have no auto update in place. And when you fancy jumping to the next stable release subscribe back to stable, do the update, then back to testing and again not update. The testing repo does not use authentication so your regular zypper checks will not involve this credential use.
You may also want to look at our recently revised doc entry on the Web-UI update mechanisms as there is one where you update everything except the ‘rockstor’ package. And currently only the ‘rockstor’ package is hosted in both the testing and stable channels. This didn’t use to be the case but we have managed to keep it this way for our openSUSE version.