but what security does that gain you? if someone gets your encrypted/hashed password, he can still log on. the pgpass file has to be permissions 700, so only YOU (and root) can read it.
Exactly this. If you want a script to authenticate to postgres (or anything else) then somewhere you need something to be in the clear, whether it be the key to decrypt the password or a private key. If you can't trust the local file system and users, then you can't do what you want.