Compromising personal security for the sake of convenience. I have FlashGet 1.4 (the latest release), and never allow it to dial up on its own. Consequently it has no dialup details for me, and thus nothing to store. This is my standard practice with anything which has that capability, including my dialup connection itself. Plus nothing but nothing gets past my firewall without prompting me first.
So the user gets to choose, as with most programs. Do they want the convenience of automatic dialup and action, so reducing your security. Or will they be sensible and monitor and supervise all activity on their computer?
FlashGet stores dialup credentials in a user-accessible registry key. The username will be stored in plaintext and the password will be hex-encoded. As a result, malicious local users may obtain these credentials. This presents a security risk if dialup accounts are not shared between users on the system.
This issue was reported in FlashGet 0.9 through 1.2. Other versions may also be affected.
http://www.securityfocus.com/bid/9192/discussion/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic