How are passwords stored?

First, thanks for WinSCP. I spend a large part of each workday using it, and appreciate it very much.

My qusetion is about how passwords are stored if you choose to save them in a "stored session". What is to prevent someone who gains access to your hard disk from recovering them?
I use public/private keys that are stored on a removable disk where possible, but that doesn't work for all the systems that I need to access. To date I have not saved any passwords with stored sessions because of this concern, but it would be convient to do so if they were stored securely.

Sorry if this has been covered before, I have looked but not found the answer.
Thanks again.

Password is stored in ecrypted form to Windows registry (unless you choosed to store configuration to INI file). However the encryption is rather simple.

Thanks for the fast reply. I will begin encrypting the WinSCP3.ini file which will improve the security for stored passwords further.

On the same topic, I think a great new feature would be the ability to specify a different location for the WinSCP3.ini file, as is currently possible with the Random seed file. That way I could keep WinSCP3.ini on the same removable USB memory stick that holds my other ssh and PGP keys. With the contents of that memory stick encrypted while not in use, I feel pretty confident I am secure from any snooping less than having spyware active on my system while I am using it.

Thanks again for the great software.

I see I spoke too soon, the command line flag
/INI=path
already provided the feature I wanted.

Raising a post from the grave... what kind of encryption is used as you stated above?