[inanutshellus]

Pidgin intentionally stores them in plain text. The logic, I believe, is that "light encryption" is worse than no encryption since it gives a false sense of security.

So rather than a reversible cypher they leave it plain so that their users will freak out and /not/ share their files with folk and will properly lock down their creds file.

[jeroenhd]

Every recent graphical OS has support for key management though, whether it is the key store on mac, the credential store on Windows or the key management tools that come with KDE or Gnome (I believe both share somewhat of an API).

It might be due to Pidgin's age but in modern programs storing this data in plain text should be a last resort for systems that don't do secret management for you.