This is what I use to mess about my laptop’s power settings.

for paid accounts (DynDNS Pro and Dyn Standard DNS), one can do the updates with TSIG.

This allows us to not use ddclient, thus not having our DynDNS.com password in a config file on disk. Obviously, if the key is leaked, an attacker can still wreak havoc with your DynDNS zone configurations, but at least they will not be able to log onto the web interface of DynDNS under your name.