For me, it is a misleading name because it gives the feeling we can trust. I would prefer authentication_none.
No, they could just get it from the repository. By the way, I think the repository should be under tpf to clearly shows it is unsupported and not standard.