FileZilla FTP client by default silently stores all entered FTP usernames and passwords in plain text.
Passwords may be stored in the following locations.
Path:
Windows XP: C:\Documents and Settings\user.name\Application Data\FileZilla
Windows Visata/7: C:\Users\user.name\AppData\Roaming\FileZilla
Files:
recentservers.xml
sitemanager.xml
filezilla.xml

To disable this default behaviour:
1. Copy file C:\Program Files\FileZilla FTP Client\docs\fzdefaults.xml.example to C:\Program Files\FileZilla FTP Client
2. Rename file to fzdefaults.xml
3. Open file in text editor and change set <Setting name=”Kiosk mode”>1</Setting>
4. Comment line: <!–<Setting name=”Config Location”>$SOMEDIR/filezilla/</Setting>–>. Or set desired config file location if you wish.
You can also set <Setting name=”Disable update check”>1</Setting> to disable the update check.
5. Save and close the file
6. Delete or rename existing files containing passwords (see above for file names and paths)

FileZilla 3.3
Windows XP, Vista, 7