I think we should stop passing any(more) login credentials via the list.
Please call, or at least contact the users directly.
Since we'll potentially have many people accessing this server we have to be very careful about what groups/rolls those people are in to minimize risk of compromise.
I am in no way suggesting that anyone on the list isn't trustworthy, after server take-downs, DDoS's and an apparent animus towards our efforts we must be very careful.
ssh key only access for most accounts would not be a bad idea.