I noticed when using Openelec v3.2, RPi store the user's SSID and Wifi Passphrase in unencrypted plaintext in the 'settings' file located under 'addon_data>os.openelec.settings'. It is possible for someone to hijack this 'settings' file through various means and gain access to your Wifi network or "more". Why hasn't the RPi or the Openelec team chose a safer option to store this piece of important info rather than let it open wide for everyone to see. I discover this after I took my RPi to a friend's house to watch some movies and used my friend's Wifi network for a bit, in which my friend entered the passphrase without anyone seeing what it was. When I got home, and browse through the setting files, I notice my friend's SSID and passphrase was still stored in there and in xml plaintext. I was honest enough to let my friend know and told her to change it. Ended up she has to change much more than that as her Facebook and Email account consist of a similar passcode(similar enough to be guessed based on the leaked wifi passphrase). Now, what if someone isn't honest and decide to use this maliciously. With so many and more people everyday using the RPi, this is a substantial security risk even though the RPi was meant to be a personal device. On top of that, this very file can be accessed without a password through other channels besides the physical one including but not limited to, WAN, LAN, Samba, WINS, SSH, HTTP, etc. I can't believe someone made it this easy to access a high level security feature that ppl have spent decades to develop the proper technologies and encryption methods to hide. Please someone fix this pronto!