The password for the mysql/pgsql user used by the pdb_mysql and pdb_pgsql modules is stored in plain text in smb.conf. This is obviously a security concern as it requires smb.conf to be readable only to the user as which Samba runs. This can probably be fixed easily by providing a mechanism similar to the one used for the LDAP admin password. I'm filing this bug report to make sure this will be fixed before the modules lose their 'experimental' mark.
See bug 3375. If someone wants to maintain these modules outside the Samba source tree, that is fine. But the source has been removed from the upcoming 3.0.22 release.