Password as clear text ... is plain stupid, right?
Or, maybe you meant the encrypted password is sent as plain text?
Send the same Login "data" to the server from a normal browser to better see what you get back from the Server?
Apparently Nissan can change the Userid/Password on an account for a real car, so they could make one of the test-drive (or Demo) cars available for our testing of CARWINGS.
Since one family might have several people trying to access the family's one LEAF, they really NEED to test out the effect of multiple simultaneous login attempts and accesses anyway (rather than just assuming that it will never happen).