Is the Bat safe?
 
I used a few "password recovery" programs to test security weaknesses of my software. Almost all of the password recovery programs showed me my email passwords in The Bat.
 
1.
"password recovery"...
You can use OTFE mode (storing encrypted data).
There is no chance to decrypt the password with "password recovery software".

2.
Also, you can use a secure connection (if the mail server supports it).

 
I guess wadpro means the passwords for mail accounts (acc. properties -> transport) - almost any **** password revealing tool will disclose them instantly (whether OTFE is used or not doesn't matter in this case). Check for example Revelation from www.snadboy.com

This is a very serious security issue.
My Bat stays open all the time, because I have some scheduled tasks (and the built-in scheduler only works if TB is open). So anyone having physical access to the machine may get all my passwords in less than a minute.
BTW this should be very easy to fix; I guess what has to be done is simply to remove the password boxes and replace them with a 'Set password' button.
 
No, I don't mean only showing asterisks. You can do that of course, but you can also see mail passwords in The Bat without opening The Bat.
 
wow.. holy $h!t
it's really available in plain text! So things are far worse than I thought so far. If one does not use OTFE (and surely not everyone wants that), there is practically no security at all. Having a password stored as plain text is next to having a sticky note with it on your monitor.
Unbelievable!!
And even if OTFE is used, this does not stop elementary password revealers.
 
If you don't believe me, I can tell you which programs I used. Test it yourself.
 
I do believe you because in the first account.something file I opened in Notepad I saw my smtp password for that account as plain text.
And a Google search for 'thebat password recovery' brings 500 000+ results. I didn't test any, but as they say, there's no smoke without fire.
 
Account settings are stored in the binary file ACCOUNT.CFN, and both login and password are encrypted and not stored in plaintext.
 
But there are some (I know of about 4) apps able to decrypt this, so in case you need higher security because somebody has access to your computer, you can use OTFE. In OTFE mode, the DES algorithm with a 128-bit key is used and data on the HDD is not decrypted by The Bat! when you open it.
 
Quote
Marek Mikus wrote:
Account settings are stored in the binary file ACCOUNT.CFN, and both login and password are encrypted and not stored in plaintext.

I have accounts for which the username/password for POP and SMTP are different (I just use a common SMTP for all accounts). In ACCOUNT.CFN, the SMTP password is stored in plain text. Needless to say, this password is also valid for POP on the same server.
The POP password is not stored in plain text, but if one starts to experiment with one-letter passwords, I guess the obfuscation mechanism will be easily revealed. As there are apps that can get the password, obviously it's not encrypted using some serious and proven algorithm but just obfuscated.

I know OTFE is far more secure, but have reasons not to use it (and if I correctly remember, it does not exist at all in the home version). Message base may be unencrypted without OTFE, but login information must be strongly encrypted in any case!
And even if OTFE is used, it does not provide protection against **** password revealers.
So, IMHO The Bat is NOT safe. It is very far from safe, and users should be aware of this. Otherwise it's no doubt the best mail client ever.
 
Thank you for pointing that out! In earlier versions of The Bat!, e.g. 1.62, account passwords were encoded in a form of Base64 encoding in the account configuration file. This encoding is not encryption; it is simply a means of avoiding storing them in a plaintext, easily readable form. In later versions, the passwords were not encoded in the configuration file, because we've implemented the OTFE encryption to protect the configuration data. Encoding the passwords may give a false sense of security, thus we didn't encode them. However, we may encode them in future versions using the same algorithm as in earlier versions of The Bat!
OTFE only protects the data on the disk, not in the computer's memory. For example, if somebody physically steals the storage media while the computer is turned off, it would not be reasonable to get the original data, e.g. the account password, due to the computational difficulty of decrypting an RC2 128-bit cipher without knowing the key.
However, when the legitimate user has started The Bat! with OTFE encryption, the "asterisk" issue would not help anyway, since the configuration data has been loaded into the computer's memory and can be read by malicious software.
To resolve the issue of POP3/SMTP password leaks, we recommend using hardware CRAM-MD5 authentication. You can read more about hardware authentication at http://www.ritlabs.com/en/products/securebat/authentication.php
 
I would advise [if your SMTP server permits] to use the passwords on a token along with the RFC2095 (MD-5 CRAM-HMAC) authentication.
winXP-SP3 Pro, the Bat! v4.0.38
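The two posts above recommend CRAM-MD5 (RFC 2195, which obsoleted RFC 2095) so that the POP3/SMTP password itself never crosses the wire. The following is an added example, not code from The Bat! or Ritlabs, showing both halves of that challenge/response exchange in Python's standard library: the server issues a fresh challenge, the client answers with an HMAC-MD5 keyed by the password, and the server recomputes and compares the digest. The credentials and challenge in the constants are the worked example published in RFC 2195, so the digest can be checked against the RFC's value; the hostname in the generated challenge is a placeholder. Note what the mechanism does and does not give you: an observer of the connection learns only a one-time digest, but the server still needs the password (or an equivalent keyed state) at rest, and the client-side secret is only as safe as where it is stored, which is why the thread pairs it with a hardware token.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed test data: the worked example from RFC 2195 section 2.
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_RESPONSE = "dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw"


def make_challenge(hostname="mail.example.invalid"):
    """Server side: build a single-use challenge in the RFC's <id.time@host> form.

    The random component is what makes a captured response useless for replay:
    every login gets a different challenge, so every digest is different.
    (hostname is a placeholder, not a real server.)
    """
    return f"<{secrets.randbits(64)}.{int(time.time())}@{hostname}>"


def cram_md5_digest(password, challenge):
    """HMAC-MD5 over the challenge, keyed with the password, as lowercase hex."""
    return hmac.new(password.encode("utf-8"),
                    challenge.encode("utf-8"), hashlib.md5).hexdigest()


def client_response(username, password, challenge):
    """Client side: base64("<username> <hex digest>"); the password never leaves."""
    line = f"{username} {cram_md5_digest(password, challenge)}"
    return base64.b64encode(line.encode("utf-8")).decode("ascii")


def server_verify(response_b64, challenge, lookup_password):
    """Server side: decode the response, recompute the digest, compare in constant time.

    lookup_password(username) returns the stored password or None. Returning
    False (rather than raising) on malformed input keeps error paths uniform.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("utf-8")
        username, digest = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    stored = lookup_password(username)
    if stored is None:
        return False
    expected = cram_md5_digest(stored, challenge)
    return hmac.compare_digest(expected, digest)


def run_exchange(username, password, stored_password, challenge=None):
    """Drive one full exchange and return (challenge, wire response, accepted).

    The response is what an eavesdropper would see; the password is absent from it.
    """
    challenge = challenge or make_challenge()
    response = client_response(username, password, challenge)
    accepted = server_verify(response, challenge,
                             lambda u: stored_password if u == username else None)
    return challenge, response, accepted


if __name__ == "__main__":
    chal, resp, ok = run_exchange(RFC_USER, RFC_PASSWORD, RFC_PASSWORD, RFC_CHALLENGE)
    print("challenge:", chal)
    print("wire response:", resp, "(matches RFC:", resp == RFC_RESPONSE, ")")
    print("accepted:", ok)
    # Replaying the same response against a new challenge must fail.
    print("replay accepted:", server_verify(resp, make_challenge(), lambda u: RFC_PASSWORD))
```

Running it prints the RFC's own base64 response for the RFC's challenge, an accepted login, and a rejected replay. The `hmac.compare_digest` call matters on the server side: a plain string comparison would leak, through timing, how many leading bytes of the digest were correct.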