IN SUMMARY: ALWAYS USE A UNIQUE PASSWORD FOR YOUR NST CDROM! Never use a password which you use to access other systems. This includes any hard disk installation of the Network Security Toolkit.
Setting the password in the ISO image file is supported and convenient (you won't have to set the password each time the Network Security Toolkit boots). It has the following security issues:
In order for NST to pass your new password to the nstpasswd command at boot time, it must be able to recover the original password you entered.
In order to recover the original password, the password is stored in a simple REVERSIBLE format on the ISO image. This violates RULE #1 of password security. On a secure system, passwords should be stored using one-way functions: the system keeps only a salted hash, which is enough to verify a password that is typed in but makes recovery of the original password extremely difficult.
This means that if an evil person with computer skills were to steal your Network Security Toolkit CDROM (as if you would ever let that CDROM leave your hands), they would be able to determine your original password.
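The following example is added here to illustrate the difference the two paragraphs above describe; it is not code from the Network Security Toolkit, and the base64 encoding is a constructed stand-in for "a simple reversible format" (the page does not describe the actual on-ISO format). The one-way side uses salted PBKDF2-HMAC-SHA256 from the Python standard library; the record layout ("$pbkdf2-sha256$iterations$salt$digest") is an assumption chosen for this example only. The small dictionary-attack helper shows the caveat a practitioner would want: a one-way hash stops recovery, not guessing, so a weak or reused password is still at risk.

```python
import base64
import hashlib
import hmac
import os
from typing import Iterable, Optional

# --- Reversible storage (constructed stand-in for the insecure format) -----

def store_reversible(password: str) -> str:
    """Store the password in a form the system can read back verbatim."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(stored: str) -> str:
    """Anyone holding the stored value (e.g. the ISO) can do exactly this."""
    return base64.b64decode(stored).decode()


# --- One-way storage (salted PBKDF2-HMAC-SHA256) ---------------------------

ITERATIONS = 200_000  # assumption: work factor chosen for this example


def store_one_way(password: str, salt: Optional[bytes] = None) -> str:
    """Keep only a salted hash; the original password cannot be read back."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Assumed record layout: $pbkdf2-sha256$<iterations>$<salt hex>$<digest hex>
    return "$pbkdf2-sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_one_way(stored: str, candidate: str) -> bool:
    """Recompute the hash for a candidate and compare in constant time."""
    _, alg, iters, salt_hex, digest_hex = stored.split("$")
    if alg != "pbkdf2-sha256":
        raise ValueError("unsupported hash record")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def dictionary_attack(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """The attacker's only option against a one-way record: guess and verify.

    Returns the matching guess, or None if no word in the list matches.
    """
    for guess in wordlist:
        if verify_one_way(stored, guess):
            return guess
    return None


if __name__ == "__main__":
    pw = "nst-only-pass"  # constructed sample password

    rev = store_reversible(pw)
    print("reversible record :", rev)
    print("recovered from it :", recover_reversible(rev))

    rec = store_one_way(pw)
    print("one-way record    :", rec)
    print("verify correct    :", verify_one_way(rec, pw))
    print("verify wrong      :", verify_one_way(rec, "password"))
    # Constructed wordlist: a reused/weak password falls to guessing even
    # though the record itself cannot be reversed.
    print("dictionary hit    :", dictionary_attack(rec, ["123456", "password", pw]))
```

Run it with `python3 password_store.py`: the reversible record gives the password straight back, while the one-way record only answers yes/no to candidates, and the dictionary helper only finds the password because it appears in the constructed wordlist.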
So, one might wonder, "If setting the password in the ISO image isn't very secure, why do you permit it?"
There are two reasons. One, it is very convenient. Two, it really isn't that insecure as long as you don't use a password which you use on other systems. If someone steals your CDROM, you should assume that they now know your NST password. But this really isn't a big deal as long as you only use that password for your NST CDROM. In addition, it would be of little value to the culprit to commit such an act (if they want a Network Security Toolkit CDROM which they can boot from, it would be easier for them to download a free copy themselves).