"Chris Mellon" <arkanes at gmail.com> writes: > Would you make this directory name be the username+the password? If > not, why not? The answer is the same reason why this isn't a reliable > method of security. I would not store plaintext passwords in a database, but that doesn't mean it's security by obscurity to do so.