Thanks for your inputs Glen....appreciate it.. But still my picture remains vague!! 
When a RFC call is being executed it connects to the destination via an ID...so for its authentication it requires a password..So does someone manually type it in?? or the password gets fetched from the logon security tab in SM59?? If an user manually types in then the password needs to be shared to every such user who needs it...