If you selected the Password option for the web application, the web service reads the <UsernameToken> element, obtains the username and password from that, and logs in to the web application.
The web service does this for any value of the SECURITYIN parameter, except for IGNOREALL.
The username is available in the $USERNAME special variable and in the Username property of the web service. The password is not available.