[Nut-upsuser] Passwords not verified in upsmon?

[mt]

Hy list,

first of all - yes I have read the docs, but obvious I must have missed 
something. The user/password setting in upsd.users seems to be ignored 
and I can monitor the ups with some arbitrary password.

The following setup is working:
Server A has nut installed and has the following config:

upsd.conf:
ACL localnets 192.168.101.0/255.255.255.0
ACL localhost   127.0.0.1/32
ACL all 0.0.0.0/0
ACCEPT  localnets localhost
REJECT all

upsd.users:
[admin]
        password = hardertoguess
        allowfrom = 64me
        actions = set
        instcmds = all
[upsmon]
     password = hardtoguess
     allowfrom = localnets
     # give the rights required by a monitoring host:
     upsmon slave


Now, if I run upsmon on a Server B with
upsmon.conf:
...
MONITOR mainups at ServerA 1 upsmon wrongpassword slave
...
Everything seems fine although Server B does not have the correct password.
Is this intended or what have I missed?

Micha