- Are you using Firefox?
- Do you use the "Save Password" feature for web forms?
You are probably assuming, that some geek security freak at the Mozilla Foundation made sure your passwords are safe, encrypted one-way into a unbreakable AES/MD5/SomeHashBuzzTLA.
Well, they are not.
Follow these steps:
Open the preferences screen in Firefox (this is the OS X version, but the Windows version is just the same)
Click on "Show Passwords"
We're not there yet. Click "Show Passwords" one more time (it can't be that easy), and get the following:
I blurred the images for obvious reasons, but you can guess how it looks - the entire site/username/password list is there in clear text.
I know this "feature" is well documented if you bother to look it up, and it can be somewhat mitigated if you place a master-password over the configuration. Still, I find it unacceptable for a browser to behave this way by default.
My recommendation - assume passwords saved in Firefox are compromised to begin with, and only save passwords for sites where you don't care if someone knows the password.