The way that I've seen the cloning issue handled is either; A - The production DBA does the cloning and sets the passwords to something innocuous before handing over to the development DBA or B- The production DBA temporarily changes the paswords in production, takes the backup and hands it and the temporary passwords over to the development DBA to do the development database build, and then sets the production database passwords to something different.