Master password
My suggestion is to allow the master password to be input from another source such as a parameter which in itself is stored in an encrypted parameter file instead of always via the keyboard every time Win scp is started. Trojans or viruses acting as keyword or clipboard-loggers are much more common than hooking into process startup. I know this is circuitous but the source key for the parameter file could be the master password too, once you have entered the master password it uses itself as the key to encrypt itself.
Key logging on Windows is so prevalent that my suggestion is preferable to typing plain text each and every time I start up Winscp.
Key logging on Windows is so prevalent that my suggestion is preferable to typing plain text each and every time I start up Winscp.