While not exactly what you asked for, one alternative might be to use Ken Chamberlain's LIB tool and hardcode the passwords into a compiled exec. LIB allows storing the exec in a separate virtual machine and transferring it into the user's virtual machine directly into memory, so no "file" copy actually exists in the user's virtual machine (and no LINK required). LIB provides security levels, some forms of password control, version control, and is a fantastic example of how to use IUCV to move data really, really fast between systems. (It's remarkably useful for maintaining common minidisks or software collections as well as it's original purpose of maintaining COPYLIB members). Execution of FTP would then look like 'LIB EXEC SOMEFTP EXEC' with all the parameters self contained; no copy of the exec or data is ever accessible to the user outside program execution.
You might also be able to use LIB to just maintain the NETRC file and retrieve it onto a CMS RAMDISK (thanks, Arty!). While not as secure as the exec approach (a clever user could get at the file if they could escape from the FTP client), at least it would give you more sophisticated control of the file itself and not rely on public access to the file. Neither method involves RACF, but RACF support could easily be added to LIB if someone really wanted it. LIB should be available on the VM Workshop tapes available in various places around the net.
