Frankly speaking, it is a bad design today to have single root password from whole cluster. However, erlang interconnect is a so close and intimate connection between nodes, that same cookie may be ok, if there are other security checks before it.