From a quick search it doesn't look like they are, and there's no explicit law on who "owns" a password. Consensus right now is to operate under the assumption that the maker of the software is the owner of the password, not the user.