basic password encryption (separate from master password)
Posted on: May 1, 2008 - 2:36am
This one is simple: basic encryption for stored passwords. The real main purpose here is to prevent 98% of prying eyes from stealing your password by simply looking at it in plaintext in the accounts file.
The pidgin devs were DETERMINED that no security is better than a "false sense of security". Well, to that I say... give a warning! If they choose this method of storing passwords, let them know it's not exactly 100% hacker-proof... that way, it's not a false sense, and it's far, far better than nothing at all.
Why not have it optionally use KDE's or GNOME's wallet?
I don't see why not if you are using one of those window managers. I guess I was thinking on more of a multi-platform scale feature, so something so basic could be available to everybody.
Last I checked XML had comments. Huge warnings saying that these passwords are masked and easy to decode would solve the problem just fine.
I've wanted a master password on gaim for YEARS. I don't want to type 50 passwords every time I have to restart the computer/the IM program, so I'm stuck with anyone who can get on my computer when I'm not looking being able to load up pidgin and have their way with my contact list. Boo to that. I don't think tying it to a billion keychains as in GNOME, KDE, whatever the hell for Windows, is a good idea; a pidgin keychain would do the job nicely.
The XML file is where the attacker would look, not the naive user. The warning should be displayed as a message box whenever the user checks the "Save password" checkbox.
I don't care what the reasoning is. It disturbs me whenever I can do a plain-text search on my computer for my password and files come up. The fact of the matter is that most of the people who would WANT to steal your IM passwords are going to be idiot friends that are getting on your account to mess with you, not the full-blown hacker. Yes, they're easy to crack, yes the protocols are insecure, but that's no reason to allow even easier access in another location. Currently any idiot with a desktop search box can find the password file. I agree that the file should be treated with care, but shocking users into protecting the file to the best of their ability while forcing them to keep it unencrypted is not the way to go. This has to be the STUPIDEST "feature" of pidgin, and the main reason that I'm looking into Carrier. It's quite a disappointment that some form of masking hasn't been implemented for the password.