i am puzzling over these thing now. i host my own site so i have complete control over things.
i can give a username and pw but i get the error wp-content not found.
subsequently i believe that i must create a user on the server called "wordpress" that will have its home dir set to /usr/share/wordpress (where wordpress is on my machine).
subsequently i can give write accesss privledges to the wordpress user/group only.
by restring read/write privledges to a wordpress group this could solve allot of the problems that might be coming from some admins setting file permissions to loosely which could open the door to hacking.
this is educated speculation but i believe it is the path to a more secure wordpress.