Channel: WordPress.org Forums » [WP Mail SMTP by WPForms - The Most Popular SMTP and Email Log Plugin] Support

trex005 on "[Plugin: WP Mail SMTP] Shocking security vulnerability"


Reasons for plain text:

  • Easier to verify data accuracy. (Can be helpful when having sending errors)
  • Disposable sending account and you lost/forgot the password. (Bad reason, but one nonetheless)

Certainly you want to make it harder to crack; I'm just stating that making it a password field doesn't really do that for any remotely savvy attacker. To make it (slightly) harder you need to either send an encrypted version (or hashed) to the config page, or a default value. Then on save, check to see if that value is altered, and only if it is, update the password.

This clearly won't protect you from someone who gets access to your database, but it is a good first step. To protect the database, you could encrypt with a seed, but if the attacker was able to find the seed, you're still out of luck.
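
The "default value" variant described in the post above, as an added example that is not part of the original post or of the plugin's code. The function names, the `smtp_pass` key, the placeholder string and the `$store` array (a stand-in for the saved settings) are all hypothetical.

```php
<?php
// Added example with hypothetical names; $store is constructed sample data
// standing in for wherever the plugin keeps its settings.

// Fixed default value sent to the browser instead of the real password.
// Limitation: a new password identical to this string cannot be set.
const PASSWORD_PLACEHOLDER = '********';

/** Render the password input without ever echoing the stored secret. */
function render_password_field(array $store): string
{
    // Show the placeholder only when a password exists, so an empty field
    // still tells the admin that nothing is configured yet.
    $value = ($store['smtp_pass'] ?? '') !== '' ? PASSWORD_PLACEHOLDER : '';
    return sprintf(
        '<input type="password" name="smtp_pass" value="%s" autocomplete="off">',
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

/** Apply a submitted form: overwrite the password only if the field was altered. */
function save_settings(array $store, array $post): array
{
    // Field missing from the request entirely: do not treat that as "cleared".
    if (!array_key_exists('smtp_pass', $post)) {
        return $store;
    }
    $submitted = (string) $post['smtp_pass'];
    if ($submitted === PASSWORD_PLACEHOLDER) {
        return $store; // placeholder came back untouched: keep stored password
    }
    $store['smtp_pass'] = $submitted; // altered (or deliberately emptied): update
    return $store;
}

// Constructed walk-through; each var_dump reports whether the check held.
$store = ['smtp_pass' => 'example-secret'];
$html  = render_password_field($store);
var_dump(strpos($html, 'example-secret') === false); // secret absent from page source

$store = save_settings($store, ['smtp_pass' => PASSWORD_PLACEHOLDER]);
var_dump($store['smtp_pass'] === 'example-secret'); // untouched save keeps it

$store = save_settings($store, ['smtp_pass' => 'new-secret']);
var_dump($store['smtp_pass'] === 'new-secret'); // edited field replaces it
```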

