- Igor Novoseltsev brought a patch that introduced two new options to

curl_easy_setopt: CURLOPT_USERNAME and CURLOPT_PASSWORD that sort of
  deprecates the good old CURLOPT_USERPWD since they allow applications to set
  the user name and password independently and perhaps more importantly allow
  both to contain colon(s) which CURLOPT_USERPWD doesn't fully support.

lib/urldata.h

@@ -1334,10 +1334,11 @@ enum dupstring {
   STRING_SSL_EGDSOCKET,   /* path to file containing the EGD daemon socket */
   STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
   STRING_USERAGENT,       /* User-Agent string */
-  STRING_USERPWD,         /* <user:password>, if used */
   STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */
   STRING_SSL_CRLFILE,     /* crl file to check certificate */
   STRING_SSL_ISSUERCERT,  /* issuer cert file to check certificate */
+  STRING_USERNAME,        /* <username>, if used */
+  STRING_PASSWORD,        /* <password>, if used */
 
   /* -- end of strings -- */
   STRING_LAST /* not used, just an end-of-list marker */