I'm glad you like a feature that doesn't even increase security.
But it does. It is much easier for malware to just wait until some date in the future, and silently read the password file. This could be hidden in any kind of program; it doesn't even have to be continuously active or run in the background or do anything. And it doesn't depend on FileZilla running or the user doing anything FTP related. A program can just wait until whenever it's being run after some date in the future, and steal the passwords.
Now with this new security feature, malware would have to run continuously in the background, access FileZilla's program memory (which isn't always possible), or run a keylogger, or intercept traffic (which still only works in case of plain FTP), etc.
It's just like you say: attacker category A and B. There is a HUGE difference between those two. Category A doesn't have to be active, or keep running in the background. It can attack at just one random moment, and FileZilla doesn't have to be open at the same time.
Category B, on the other hand, needs to be actively running in the background, constantly monitoring or intercepting stuff. And it requires FileZilla to open connections during that time. You mention two kinds of "passive" attackers in category B, but they're not passive at all. Not actively running = no attack vector.
1. harder to implement
and more importantly
2. MUCH harder to do unnoticed
So thank you! Thanks a LOT for finally adding this much beloved feature! ♥
Can I donate somewhere to express my gratitude? Do you accept bitcoins?