Improve client password protection

I'd rather vote for removing the feature. You should lock the computer if you don't want other people to access it.

While I agree in some ways that the protection should start from the OS level, I would still like to improve the client password protection feature so it extends to encrypting files like favorites.xml( or possibly atleast hub passwords ). Plain text favorites.xml is kind of a security risk for hubs. Ofc you can use other software to encrypt files in computer, but you can also use other software for limiting connection speeds.
Openssl could be used to encrypt/decrypt the file or passwords using a pass phrase to unlock during startup.

I don't see how that helps. If you have access to the config file, can't you just kill the app and edit the config file.

The password would not be saved anywhere ofcourse, it should be used to decrypt the favorites.xml using keyfile and passphrase of openssl encryption. (the password cannot be recovered)

The favorites.xml itself would not be unencrypted in the disk. Ofc this isnt completely secure for a running client, but it hides the data and cannot be accessed in <any> way when the client is closed. However, it doesnt bring major improvments for hub security on a running client because most hubs allow users to display their hub password with a user command.

To fix that, the client should be locked and the display from tray for example, should be protected by verifying the keyfile and passphrase entered. But for starters i believe that hiding the plain text information from favorite hubs would be still an improvment to security.