With DynDNS Pro there is no way to have a separate password for each host, but you can use the Client Updater Key instead of the account password for DDNS updates.
In case you want to offer such hostnames to your customers, then this is the wrong unintended purpose for this service. This is not recommended. The service is for own use only, and therefore your security concerns do not really apply.
If a host running an updater client were compromised, and the username and password for the account was stored on that host, then how would a customer's account be protected from abuse?
Neither does a host run an updater client, nor are credentials stored on a host. How are customer accounts been protected from abuse? They are protected by your credentials, and it is up to you how strong your credentials are. If something is compromised, then your credentials were too weak.
Why do you ask such questions? What is your scenario which is so insecure and weak?
As Rot had shared, Remote Access services were intended for personal use, not businesses who support clients. As such they do not allow for multiple user log ins. You can choose to generate an updater key which would be used in place of the password for the account, however if you generate a key all devices associated with the account will require you to reenter the newly generated key.
The alternate is to create a unique user account for your client and purchase a service pack to be used on only their devices.
Oracle + Dyn