There's no ACL for most git clients, they use standard HTTP credentials. Transport security is handled by SSL, we obviously don't expect you to pass this stuff around in plaintext!