I always use for i ...... -- bad habit. i should have been domain. The passwords are all of the type login: webmasterfoo, password fooretsambew. They are temporary passwords for internal use before we give them to the customers. They then change them to whatever they want. So it is not a security issue.
All domains have their own IPs and are configed in DNS. I honestly do not know enough about this to discuss pro/con. I am fairly sure that things we are doing are wrong. However it has been passed down thru the sysadms who have worked here and would required re-doing many many servers to change. I am looking into this to find a "best" way. I believe that apache's virtual domains is merely a piece of the pie.
