I don't know if this has been found and discussed, or if this is the right place to bring it up, but this is something I just noticed...

I thought I would flash my N900, start fresh, and have done so...
One of the tools I used was the default N900 'Backup' app...

Brilliant app, restored everything...
- Contacts completely restored, including additional IM details
- Apps, remembered list, downloaded and installed
- Desktop, exactly how it was
- Website favorites
- RSS feeds
- System preferences
- Email an IM accounts
- Website logins and passwords

But then I thought, sooooo the backup app saved all my accounts and passwords then...
I had a look inside the 'backup' folder, had a look in a couple files, an sure enough, you can find and read files that include logins and passwords!

I did not look through them all, but for one example is:
places.sqlite
Which is located in the backups\Backup\settings.zip\Root\home\user\.mozill a\microb folder.

Does the community know about this?
It should not be this easy to find accounts logins and passwords.

Discuss

places.sqlite is a Mozilla file and thus Mozilla should encrypt it, not Nokia. Sure, Nokia could rewrite the engine to encrypt it but that would probably slow down the phone. Doesn't adding a password to the backup make you safe enough?

You could set a password for the backup. Do not know if this is really secure, though.

Ah...did not see or bother with the 'protect with password' in my first backup, valid point.

Carry on.

I'd guess this just sets a password on the zip files it produces, so will depend on how secure that is (IIRC, the latest zip format is pretty secure, but earlier ones weren't - and I've a suspicion that the open-source tools use the earlier format).

Time for some experimentation

And a test shows that it's not using zip encryption. The resulting files are still named .zip but aren't themselves zip files, presumably having been encrypted using an external mechanism.