Is it improper to send password in all receipt verification calls ?

When validating a receipt for an auto-renewable subscription, the password field is required.


However, is it improper to include the password when validating regular (non-subscription) IAP receipts?


Will the password field be simply ignored for non-subscription receipt verification?