It's almost always bad to store passwords in the clear, as opposed to hashed. Thankfully I don't use their FTP service but it doesn't inspire confidence about the authentication handling in the rest of their operations. -Cam (concerned customer of Heart Internet)