Nodes not being updated is irrelevent. When you run a full node, if a vulnerable node communicates bad blocks to you, they get ignored because the chain with the most work is the one that gets accepted.

Mining pool passwords are for submitting blocks to the pool. Maybe this can be used to steal a miners Bitcoin? But can't see how it could be used to forge bad blocks or select for empty blocks or anything worthwhile as an attack. Maybe log into everyone's accounts and change everyone's passwords so no one can submit blocks while you get a 51% attack off? File that under shit that only works once though.