Multi-user chat rooms can be password protected. Openfire, on top of what's defined in the MUC specification, defines a role of 'sysadmin'. These are users that, conference-service wide, act as super-users (fairly similar to the 'owner' role).
sysadmins should be able to join password-protected rooms (bypassing the password).
We should make this behavior configurable, to allow for it to be disabled.