> Sorry - I'm still not with it - Why don't your uses change their own
> passwords?

Because standard security database does not allow it using user's account.
(I know you know that :-)

> My apps provide for an admin of the app to add/delete users and reset
> passwords. Each individual user can modify their own password only. Why is
> there a need to drop tables?

In standard security database, there is Select grant on USERS table granted to Public.
It means every user with valid account can find out list of other users,
and list of their (encrypted) passwords. Once you download these passwords,
you can crack them much faster locally. You can prevent it by renaming USERS
table (hence the need to drop it) and creating USERS view.

Ivan