FileZilla's storage of passwords in plain text is plain irresponsible -- luring users to store their passwords in plain text for malware to scoop up at leisure, the gift that keeps on giving for the botnets.
FileZilla is not responsible for the user keeping his/her system clean of malware infections. It is meant primarily for experienced users, anyway. I agree that FileZilla should not save passwords by default, though.
if trivial malware can get through why can't the O/S be entirely compromised
If malware manages to get on your machine, you lost. It can do everything you can, and more. Watching memory and HDD, log your keypresses etc.
The storing of passwords should be disabled in FileZilla until an option for securing them with a master password is available -- like FireFox provides.
Yes, it should be disabled by default, with a big fat red warning if you decide to opt-in.
## BEGIN SIGNATURE BLOCK ###
FTP connection problems? Do yourself a favor and read Network Configuration
.All FileZilla products fully support IPv6. http://worldipv6launch.orgAll support requests per PM will be ignored!
### END SIGNATURE BLOCK ###