As you may or may not know, FileZilla, the extremely popular FTP client, stores all of your FTP passwords in plain text on your hard drive. While I strongly disagree with this practice, I also understand that there are reasons not to do so. It would be really nice to have some sort of option to encrypt the passwords, but I don’t see that happening any time in the near future.
There are actually multiple levels of danger in using FileZilla (and, presumably, many other FTP clients). In a Web browser, if you choose not to use the password manager, none of your passwords are stored. FileZilla, by contrast, stores all of the details from your most recent connection in a file called filezilla.xml, and all of the details from your 10 most recent connections in a file called recentservers.xml, even if you choose not to use the Site Manager. (The recent connections recorded are, at least, the ones you make by typing the information into the FileZilla interface, which is the only way to connect if you are not using the Site Manager.) These are plain old XML files with all of the information stored in plain, non-encrypted text. The format of the entries looks similar to the following.
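As an added example (not code from the original post or from the FileZilla project), this Python script audits the contents of such a file and reports which entries still carry a recoverable password, without echoing the password itself. The sample XML is constructed, and the element names (`Server`, `Host`, `User`, `Pass`) and the `encoding="base64"` attribute are assumptions based on the FileZilla 3 file layout, not values taken from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumed from the FileZilla 3 layout.
SAMPLE_RECENTSERVERS = """<FileZilla3>
  <RecentServers>
    <Server>
      <Host>ftp.example.com</Host>
      <Port>21</Port>
      <User>webmaster</User>
      <Pass>constructed-secret</Pass>
    </Server>
    <Server>
      <Host>files.example.org</Host>
      <Port>21</Port>
      <User>deploy</User>
      <Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
    </Server>
    <Server>
      <Host>anon.example.net</Host>
      <Port>21</Port>
      <User>anonymous</User>
    </Server>
  </RecentServers>
</FileZilla3>"""


def audit_stored_credentials(xml_text):
    """Return one finding per entry that carries a recoverable password.

    The password value is never returned, only how it is stored.
    """
    findings = []
    root = ET.fromstring(xml_text)
    # Match any element with a direct <Pass> child, whatever its container is called.
    for entry in root.iter():
        pw = entry.find("Pass")
        if pw is None or not (pw.text or "").strip():
            continue  # no password saved for this entry
        # base64 is an encoding, not encryption: the value is still recoverable.
        storage = "base64" if pw.get("encoding") == "base64" else "plaintext"
        findings.append({
            "host": entry.findtext("Host", default="?"),
            "user": entry.findtext("User", default="?"),
            "storage": storage,
        })
    return findings


if __name__ == "__main__":
    for f in audit_stored_credentials(SAMPLE_RECENTSERVERS):
        print(f"{f['user']}@{f['host']}: password stored as {f['storage']}")
```

To check a real profile, pass the text of filezilla.xml or recentservers.xml to `audit_stored_credentials`; any finding means that account's password should be treated as exposed to anything that can read the file.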
Earlier this week, I received a report that something fishy was going on with one of my websites. The report indicated that some sort of spam had infiltrated the site, informing users about great deals on pharmaceuticals. Needless to say, since we had not recently gone into the business of selling drugs (legal or otherwise), this was a bit suspicious.