A batch file will usually run in the security context of the user that kicked it off. Its worth making sure the user context has the required access to tables stored procedures etc ( read, update etc ) as well.
Be careful too if you are passing user crededtials from a web site on the internet to the SQL box - its an accident waiting to happen unless its an encrypted link ( people can "sniff" network traffic to capture the username & password). Alternatively, you could have a web page that updates a field in a table and have a job on the server that scans the table for a change in value, then kicks off a DTS package. This stops credentials being passed around the network.
Great information and very unique way of getting around the username and password thing. I was expecting that I would have to encrypt but with your suggestion I'm thinking I'll try the table update you suggested.
I was fairly sure about the security context but I wanted to double check.