But because write credential into queries is very dangerous ( all the user who can edit the report may be able to get account information in queies), so we suggest you to generate access token by another application and update to parameter to previous quires
I completely agree with you that inserting username and password is not the right way to do this and I am against it as you are. I saw from the below url by default Microsoft is giving the token based on my login is there a way to import this into Power BI and capture the Token. Look for Request Preview Section in the below url, this will have the token, after sigining into the Org account. Not sure if this helps you.