I tested it online, apparently you cannot embed passwords when you've set
up Security/3000 to require session names.  I get "Expected Account Name"
instead.

Although I'm not sure at this point it is Security 3000 fighting back, or
is it because the session name I used plus the session name password is
greater than 8 chars combined.

I also tested it with WRQ's FTP.  It times out with a winsock error.

<From Paul Gobes>

It's time to try WRQ's ftp client. For username you need to supply the
session password. e.g.

            Server Name:    poopsie
            Username   :    paul/sesspass,manager.sys
            Password   :   < user password if any >

The only downside is that after connecting, your session password is
visibly
still part of your displayed username.