pgsql password when FreeBSD boots -- what's usual?

During the bootup monologue, in the middle of init-ing the usual daemon
processes, I suddenly get a Password: prompt. I enter the postgres
user's password for the one database I'm running, and pgsql prints its
name out and boot proceeds otherwise normally.

I'm pretty sure this is because I have password or reject on every entry
pg_hba.conf, so I thought I'd ask what most people do.

    local all      trust

seems not appropriate for production, and probably not such a good idea
for development, either? The trust option is mostly there for practice,
so you can learn how to set the postgresql environment up without having
to know how first?

I'm thinking that what I want to do is in the

    local all      md5

entry specify a password file, and specify the postgres user's lack of
password for local in the password file. But that still seems kind of
awkward to me.

Any better way to do this? I don't think I want to put the password in
the startup script, even if that's possible. Am I being overly cautious?

I should note that after logging in, I usually sudo -u postgres tcsh,
and use pg_ctl from there, and I never get prompted for the password. Is
there possibly something in the init I should fix?

--
Joel Rees <joel@alpsgiken.gr.jp>