Having the data encrypted is nice but if the database is stolen it can ve read by another installation. Obviously if data can be encrypted then it can be decrypted.
What would make this program more secure would be to have some sort of third party key file to go along with being able to read encrypted data from the data source.
This way even if the encrypted data is stolen, without the key file the data cannot be decrypted by another instamce of the program.
Further, The datasource and the keyfile can be stored in seperate locations.
A good implementation of this is found in an open source password safe program I use called KeyPass. Without the key file the database is useless.
Also in the meantime would like to see the option to encrypt the data going into the database turned on by default.
Even though I dont save passwords, any information seen in plain text can be used to aid in compromising a system.
<em>edited by xcentric on 9/18/2010</em>
These are excellent recommendation, we are working on adding more security feature in the next major update. For the automatic encryption, I will try to add this soon as a database option.
Thank you very much