This is an security problem that has been rehashed numerous times, but I've found that none of my friends seem to know that it is an issue. Note that if you're someone who keeps all of your passwords on a sticky attached to your monitor, you probably won't care about any of this. I love Firefox and rely on it heavily, but one thing that has always bothered me is that its password manager stores passwords in plain text and by default, allows anyone at your computer to see them. You can see this for yourself, and if you're like me, it will probably freak you out to actually see your password written out.
In Firefox, go to **Preferences->Security**:
Click on **Saved Passwords**, and then **Show Passwords**. Firefox will ask you if you're sure. Click **Yes**, because that's what someone snooping around on your machine would do.
Surprise! All of your passwords are there, in plain text.
Note that Firefox does offer a "Use a master password" option in its security dialog. This does prevent the casual snooper from seeing your passwords, but it also prompts you for a password
every time a webpage wants to auto-fill a password field once per session. In my world, that happens 20-30 times a day (if not more). Unacceptable. [Corrected: John Lilly wrote me to let me know that Firefox only asks once per session. This behavior is totally usable, but there are still some issues. When I launched Firefox with more than one tab open, it prompted me once for each tab.]
1. Uncheck **Remember passwords for sites** and use [1Password](http://agilewebsolutions.com/products/1Password). I swear by 1Password, and everyone I've demoed it for starts to use it.
2. Switch to Safari, Chrome, or Camino, all of which use Mac OS X's Keychain to store passwords securely.
I'm going to stick to Firefox -- for now -- but it is a huge convenience FAIL that I have to turn off the feature to save passwords. As more plugins start to appear in Chrome, I'm more and more tempted to Switch; this security issue is the number 1 reason.