Just to be SUPER clear,
a) A secret key lacking a passphrase is effectively perfectly secure as long as your CLIENT machine(s) where you have that file or a copy of it stored aren't compromised to the point where someone can read your SECRET key file. The SECRET key *is* like a passphrase in the sense that it is the secret effectively unguessable proof of authentication presented by the CLIENT to the SERVER.

The benefit of the public key system is that the SERVER machine NEVER EVER GETS a copy of the SECRET key, so even if the server is backdoored, they can (obviously) get any unencrypted FILES you have on that backdoored server, but even after you SSH RSA/DSA login to that server, they still won't and can't know / discover your SECRET key. Whereas if you log in to a backdoored server with a PASSWORD the server will effectively be able to steal your PASSWORD identity and use it for whatever other possible purposes there may be for that PASSWORD. So in all respects a PKI KEY DSA/RSA authentication is MORE secure than a PASSWORD system.

If you leave a copy of your PASSWORD or your SECRET PKI key without a key passphrase on a CLIENT machine that is compromised, well, in either case you've lost. The PKI is no LESS secure than a PASSWORD in that case. The ability to specify a passphrase for the SECRET PKI KEY is effectively a PASSWORD (phrase) for unlocking your secret (PKI) PASSWORD. But if you keep the file(s) on the clients secure, it is irrelevant if you don't have a PASSWORD for your SECRET KEY.

And, yes, the SECRET KEY stays with YOU / the connecting CLIENT. It should NEVER be stored on the public / externally managed SERVER to be connected to by the CLIENT backup application.
b) EXPECT can be told to EXPECT a fixed string and then (and ONLY then) REPLY with a given string. Hence
EXPECT: "PLEASE ENTER YOUR PASSWORD?"
SEND: verysecretpassword
...if it doesn't get the EXPECT string, it won't SEND the password in reply. Thus it won't send that unless the program actually asks for a password assuming you're using the system fully / correctly in that fashion.
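Added example, not part of the original post: an Expect script showing the behaviour described in b), where the password is sent only after the exact prompt string appears and nothing is sent on a timeout or early exit. The `BACKUP_PASS` environment variable and the idea of passing the client command as arguments are assumptions made for illustration; the prompt string is the one from the post.

```tcl
#!/usr/bin/expect -f
# Added example: send a password only in reply to one exact prompt.
# Usage (hypothetical): BACKUP_PASS=... ./send-on-prompt.exp <client command...>

# Assumption: the secret comes from the environment, not from argv,
# so it does not show up in the process list.
if {![info exists env(BACKUP_PASS)]} {
    puts stderr "BACKUP_PASS is not set"
    exit 2
}
if {[llength $argv] == 0} {
    puts stderr "usage: send-on-prompt.exp command ?args?"
    exit 2
}
set password $env(BACKUP_PASS)

# Give up if the prompt has not appeared within 20 seconds.
set timeout 20

# Start the client program given on the command line.
spawn -noecho {*}$argv

expect {
    -exact "PLEASE ENTER YOUR PASSWORD?" {
        # Only this branch ever sends the secret.
        log_user 0                 ;# keep any echo out of our own output
        send -- "$password\r"      ;# "--" so a leading "-" is not read as a flag
        log_user 1
    }
    timeout {
        puts stderr "expected prompt not seen within ${timeout}s; nothing sent"
        exit 1
    }
    eof {
        puts stderr "program exited before prompting; nothing sent"
        exit 1
    }
}

# Let the client run to completion and pass its exit status through.
set timeout -1
expect eof
set result [wait]
exit [lindex $result 3]
```

The `-exact` flag makes Expect compare the prompt literally instead of as a glob pattern, so the `?` in the prompt is not treated as a wildcard.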