Paul Collins wrote: > Why are they world-readable in the first place? I figured authentication They aren't. It's a philisophical position that they can be read, somehow. This is why we use one-way hashes for passwords rather than storing cleartext.