Since it is supported out of the box, you should consider using public key authentication for passwordless access.
ssh passwords are much easier to brute force than keys or if someone sets up an account to make this script work as is, the device is easily compromised.
Hostkeys should be enforced and updating them on a different audit-able cycle from this script should be considered if security is a concern. To do that from the command line you can use
Hostkeys make sure that the remote device is the device you expect it to be. If the key changes and you had not done anything to cause the change, you should treat it as a rogue device.