Seems best to not include passwords in syncing. There's a setting for that.
IMHO, your question is a good one. Seems like if syncing to and from the cloud were properly set up, then one should be able to change the sync data in the cloud and stuff like passwords (and more) would be eliminated for other devices that synced to the cloud sync data.
If there were a modest sync manager, one could control what was and wasn't synced from the cloud data to any particular device by logging in and making a few quick adjustments.