I also have noticed that RegisterAll reads database superuser credentials from the properties file. This is OK for the single-process example because the database is usually embedded anyhow, but for the multiprocess version embedding the credentials seems more risky, so we will need to address this, I think.
There are two possible solutions I can think of here. The first possibility is to store the password in an obfuscated form. We already have some obfuscation/deobfuscation code that can take care of this. The second possibility is to accept the superuser name and password as command-line arguments to the RegisterAll command (or InitializeAndRegister, if we change it).
If we adopt the first approach, then I think we would definitely want to share the code with the single-process example. In order to maintain backwards compatibility, I'd introduce a new parameter: org.apache.manifoldcf.dbsuperuserpasswordobfuscated. Use the unobfuscated password only if the obfuscated one is not found. We'll also need a script to do the obfuscation, but I'm happy to write that.
The second approach puts the onus on the user for maintaining the security of their passwords, but it only applies to the multiprocess example at the moment. But we could modify the single-process example to optionally take these credentials from the command line also.