However, i think it is a security vulnerability that, WITHOUT knowing this password, someone can just start WinSCP and browse through my accounts and read everything except the password. That opens the door for a brute force attack and gives info about the server that might be vulnerable.
I would prefer it to be like this: immediately after WinSCP gets started the program asks for the password (absolutley nothing can be done without it).
It would also be great if the other ftp account related info in the config file would be encrypted, too, to make the security watertight!
Thank you for your time!