If we ignore the possible security implications, then yes, I believe that would work for me. If the proxy has enough information to be able to authenticate a connection with the backend itself, then that should give me what I need.
If I could look at each pooled connection to see what user auth'ed it and then if there is no connection belonging to the user I need, open up a new connection with that users name & password and use that - yeah, that should work.

As for using clear-text passwords; naturally that has to be done in order for the proxy to be able to intercept the passwords, but it puts a lot of clear text passwords on the wire which makes me pretty uncomfortable - especially as this is not an environment where I can trust the users.

This problem could be solved if the proxy was to support SSL so that we could send the clear-text passwords over an encrypted connection. But that then presents a new problem in that I would then need all my users to change how they connect to their database, but at least having the option would be great.