I wonder if this is the issue you are seeing?
To confirm this, delete the following file and try again to see if you are asked for a password when opening the sv2i file:
\Documents and Settings\All Users\Application Data\Symantec\RPAM\RPAM_Cache.dat
You are right, this has been an issue for a few years now. I have raised this internally again but ultimately the decision to fix (or not) is out of my control.
One thing that is worth mentioning is this; my understanding is that the password is cached on a per-user basis. In other words, if user A logs in and provides the password, it gets cached. If user B logs into the same machine and tries to access the recovery point, they will be prompted for the password.
I don't know the exact scenario for your environment but maybe this makes it less of a security threat for you. Let me know if you have any additional questions or comments.