I would recommend you to use an ssh key like I did recommend here in the past. I'm in a bit of a rush, so I'll just lazily copy-paste my previous text and modify it for rsync purpose. :)
Using ssh keys do have one unique feature compared to password login: you can specify the allowed commands. This can be done by modifying ~/.ssh/authorized_keys file at the server.
For example,
command="/usr/bin/rsync", ssh-rsa auiosfSAFfAFDFJL1234214DFAfDFa...
would allow only the command `/usr/bin/rsync" with that particular key.
You can also specify the allowed hosts for the key:
from="yourclient,yourotherclient", ssh-rsa auiosfSAFfAFDFJL1234214DFAfDFa...
Or combine the two:
from="yourcyrusserver", command="/usr/bin/rsync", ssh-rsa auiosfSAFfAFDFJL1234214DFAfDFa...
With keys you can also grant temporary access to some user (say, a consultant) to a server without revealing the password for that particular account. After the consultant has finished his/her job, the temporary key can be removed.