We discussed a similar code kurfluffle the other day over at Eisenmann vs Comiso on the 'Is Antarctic sea ice really expanding?' forum.
Anything scientific paid for with government or charitable grants is in the public domain. It would not be possible to publish a paper without the peer reviewers having full access to the code purportedly used to generate the paper. You can't hoard anything material to a paper whether that be a mouse line or a line of code.
If someone wants to work at home on their own computer and on their own time as a startup, fine, but be prepared to thoroughly document your firewall. You have to understand that your university is intent on getting royalties off your work and your govt is not real interested in buying again something they already paid for.
I was involved one time in an uncommon situation where the IP actually interested the outside world. The university was all over us with policies and rules about getting their cut for doing nothing. So it ended up freely available to anyone .edu and $50k/pop for .coms but they got quite a bit of handholding for that. The paper just got its 3,000th citation today which is the real coin of the academic realm.
For sea ice, I see the occasional paper thanking exxon-mobil etc for their support, meaning they had early access to what would not have happened without them for a lot less than in-house. In most cases that access wouldn't remain exclusive over time.
Here I think the password is there simply so you have to request it, identify yourself, say what you plan to do with it (hopefully something more creative than scooping them), agree not to distribute the code further yourself (as bugs fixes by the original authors would not get propagated and they would get blamed), maybe agree not to fork the code (ie not share improvements with source authors), and above all make sure visitors know how to cite the code originators. These are reasonable conditions but unlikely to be accomplish anything.
I agree with everything that 'themgt' says above and would add that I find code management in these little scientific enclaves behind the times. It sounds like someone in Comiso's group was making what they thought were minor changes in code but not documenting those changes, much less versioning them. Then they turned out not to be minor but nobody can recall just what the changes were, who made them, or why.
That's really unacceptable. I mean, just look at wikipedia. Nobody can touch a page without it being indelibly recorded who did what when and above all it remains easy to walk back changes as far back in time as you want. Just talking about pennies of storage cost here.
It also sounds like Comiso's group were not checking out code sections to make improvements and then checking them back in for centralized QA. This leads to a nightmarish situation over time with people inadvertently overwriting each other and inexperienced coders doing repeated damage before being detected and trained. Academic backwater stuff, doesn't scale.