The mailwatch applet stores the passwords used for each mailbox as plain text in the configuration file. This is an excerpt from my ~/.config/xfce4/panel/mailwatch.rc (with sensible strings altered):

...
[mailbox0]
host=mail.host.com
username=user
password=THEPASSWORD
...

It would be a good idea to encrypt the password via some mechanism before storing it, so it is harder for anyone to retrieve it.
No. For a rationale, please see http://gaim.sourceforge.net/plaintextpasswords.php. Mailwatch implements #3. I've considered #1, but it hasn't been important enough to me given the time it would take to do it. If you'd like to see #1 implemented, please file a separate enhancement request. Please do not reopen this bug: pseudo-security "obscuring" of the passwords in the file is *not* going to happen.
Thanks for the quick response and the explanation of the rationale behind your decision. However, I still find it a security problem to store email passwords as plain text without some "extra layer of protection" on top; in fact my suggestion was actually a request for ideas on how to solve this issue, not a suggestion for implementing "security by obscurity" - probably I was not verbose enough. In the end, perhaps I'm being too paranoid by not trusting the security mechanisms provided by the operating system - but I feel there is never enough security when it comes to *email* passwords ... I guess it is a problem with no easy solution. Best regards
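
Since the thread ends with the stored passwords protected only by the operating system's access controls, here is an added example (not part of the original thread and not mailwatch code) that audits a mailwatch-style rc file for ownership, permission bits and stored password entries. The key=value layout is assumed from the excerpt in the report, and SAMPLE_RC is constructed data.

```python
import os
import stat

# Constructed sample in the layout shown in the report (placeholder values).
SAMPLE_RC = "[mailbox0]\nhost=mail.host.com\nusername=user\npassword=THEPASSWORD\n"
DEFAULT_RC = os.path.expanduser("~/.config/xfce4/panel/mailwatch.rc")


def audit_rc(path):
    """Return a list of access-control findings for one rc file."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group/other")
    if st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    # A parent directory writable by others (without the sticky bit) lets
    # another account replace the file, whatever the file's own mode is.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
        findings.append(f"parent directory mode {pmode:04o} is writable by others")
    return findings


def stored_password_sections(path):
    """Name the sections holding a non-empty password key; never return the value."""
    sections, current = [], None
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                current = line[1:-1]
            elif line.startswith("password=") and line[len("password="):]:
                sections.append(current)
    return sections


if __name__ == "__main__":
    if os.path.exists(DEFAULT_RC):
        print("sections with stored passwords:", stored_password_sections(DEFAULT_RC))
        for finding in audit_rc(DEFAULT_RC) or ["no access-control findings"]:
            print(finding)
    else:
        print("no rc file at", DEFAULT_RC)
```

A clean result only shows that other local accounts cannot read the file; anything running as the same user, and any unencrypted backup of the home directory, still sees the password.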