I'd like to propose you small fix of passmass example script. When invoked with "-su" argument, "su" binary is called. It will be safer to call that binary with full path "/bin/su", to prevent e.g. stealing password with Trojan horse "su" etc.
The patch is attached.