diff --git a/resources/system_resource.inc b/resources/system_resource.inc
index 776c332..a11a4f5 100644
--- a/resources/system_resource.inc
+++ b/resources/system_resource.inc
@@ -92,6 +92,9 @@ function _system_resource_connect() {
 
   $return = new stdClass();
   $return->sessid = session_id();
+
+  services_remove_user_data($user);
+
   $return->user = $user;
 
   return $return;
diff --git a/resources/user_resource.inc b/resources/user_resource.inc
index fe2ff32..3d480b3 100644
--- a/resources/user_resource.inc
+++ b/resources/user_resource.inc
@@ -171,6 +171,8 @@ function _user_resource_retrieve($uid) {
     return services_error(t('There is no user with ID @uid.', array('@uid' => $uid)), 404);
   }
 
+  services_remove_user_data($account);
+
   // Everything went right.
   return $account;
 }
@@ -310,6 +312,7 @@ function _user_resource_update($uid, $account) {
     return services_error(implode(" ", $errors), 406, array('form_errors' => $errors));
   }
   else {
+    services_remove_user_data($account);
     return $account;
   }
 }
@@ -364,6 +367,9 @@ function _user_resource_login($username, $password) {
       $return = new stdClass();
       $return->sessid = session_id();
       $return->session_name = session_name();
+
+      services_remove_user_data($user);
+
       $return->user = $user;
 
       return $return;
diff --git a/services.module b/services.module
index beca236..5bf9145 100644
--- a/services.module
+++ b/services.module
@@ -500,9 +500,23 @@ function services_resource_build_index_list($results, $type, $field) {
   foreach ($results as $result) {
     if ($uri = services_resource_uri(array($type, $result->{$field}))) {
       $result->uri = $uri;
+      if ($type == 'user') {
+        services_remove_user_data(&$result)
+      }
     }
     $items[] = $result;
   }
 
   return $items;
-}
\ No newline at end of file
+}
+
+/**
+ *  Helper function to remove data from the user object.
+ *
+ *  @param $account
+ *    Object user object.
+ */
+function services_remove_user_data(&$account) {
+  // Remove the users password from the account object.
+  unset($account->pass);
+}
