This is related to the issue http://nuget.codeplex.com/workitem/1744
the current implementation of packageSourceCredentials is effectively worthless. It requires bonding passwords to specific machines, there is almost zero use case for this to provide value. The only scenarios this has any meaning would perhaps be in an iron fist ruled network where developers aren't even given direct access to their internal nuget feed.
packageSourceCredentials really just needs to support plain text passwords. Some suggestions
<add key="PasswordPlaintext" value="RegularPassword">
<add key="UnsecurePassword" value="RegularPassword">