Agreed, this is confusing, especially since SampleSyncAdapter represents some of the only documentation around these classes. That said, I think the comment is the mistake here, since both the AbstractAccountAuthenticator and the service rely on the password. I have filed a bug for clarification:
http://code.google.com/p/android/issues/detail?id=40878&thanks=40878&ts=1354582803