Don't save FTP password
When you need to use FTP, show a window to enter the password, and save in the session (temporarily).
This already exists in both 1.5 and 1.6, just don't save the ftp password in the Global Configuration, every time that the joomla need to use the ftp it will ask the password.
Ze Krioca commented
the fact is that is not safe transporting plaintext arount there..
Fagner Lemos commented
This exists in WordPress, and I also think a good idea for the Joomla. Very important for the security on a shared server.
Augusto Carneiro commented
On a shared server environment this could be interesting. Other CMS like wordpress already do this. Anyway, files with plaintext passwords are always a bad idea and should be avoided.
Romulo Pires commented
This is a very good idea to implement the security!