I'm working on a solution that would allow users to action work items from the email message via a blackberry.  I've seen the best practice document (http://www.k2underground.com/forums/thread/18017.aspx) and that's incredibly helpful, but one question I had was if the users are using devices that aren't on the domain, can it work with Forms or Basic Authentication?

I'm sure that I could use an account with elevated permissions, but that seems like a bad idea from an auditing perspective, it would also allow a user to action any item pretty easily if they could figure out the Serial number.  In the event that I have to store credentials used to connect to the server, what's the best "K2" way to store connection information?  (e.g. I know that I could use the registry or the DPAPI to store connection information, but I'm assuming that there's an accepted standard in K2)