I do not know anything about your network. But it is quite common that your profile (including WinSCP sesttins) is stored on network servers and it is accessible for you from any desktop connected to the network.

martin wrote:

Sorry, I do now understand what you mean by "the installed version contained my saved session, with the password". If you have copied your configuration, then you have copied your password too. That's natural.

Certainly. What I mean is something different: I installed winscp on 2 computers located in the
same office and not connected to each other.
I first installed it on PC1 and saved a session
with the password. Then I shut down PC1, powered up
PC2 and installed winscp on it. When the installation
was completed, the session saved on PC1 was already
present on PC2, complete with the password.
Once again, I did not input or save this session
on PC2; it just came in from the internet together
with the application.

Sorry, I do now understand what you mean by "the installed version contained my saved session, with the password". If you have copied your configuration, then you have copied your password too. That's natural.

I installed WinScp on a PC and stored
a session with a password.
When I installed it on a laptop using
the same internet connection (but
a different IP, clearly), the installed
version contained my saved session,
with the password.
This is truly scary: how is this
possible at all?
Has my password been compromised?