programmatic interface into admin

hi all,
I am trying to programmatically administer postgres. Spefically, interested
in adding new user, deleting an existing user, creating and deleting
databases for a user and modifying user's password. I know that all the
above (except for password modifications) can be done using JDBC calls into
the postgres database and modifying the template1 tables. My questions are

1. Is there a security risk or any downside in interfacing directly with
postgres using jdbc queries and not using the system command line utilities
2. Can I programmatically modify the user's password on the postgres system.
Is the password of the user stored in any other place other than the
password file specified in my data directory. Is it a crypt function that
generates the password and stores it in the password file. The obvious
solution to the problem is to use a series of expects with perl on the
remote system.

thank you for your time.

rajesh