I like how the vulnerability is in the path that (a) attempts to write the password in reversibly encrypted form to disk [0] and (b) has a weird fallback path that writes it in clear text. Sigh.

[0] cPabel seems to be from 1996. We’ve known this is a mistake since before 1996.