Severity: minor. Applies to: all versions of Nvu from 0.10 to 0.30; problem is fixed in forthcoming version 0.40. When one opens a document through a double-click on an entry in the FTP site manager, the URL (potentially center-cropped) displayed in the title bar of the Window contains account and password information for the FTP site the document comes from. A malicious visitor could use Windows tools to read that window title, and that account/passwd info with it. As a consequence, Nvu (< v0.40) users should not left open on the desktop Nvu in such a state. Close Nvu when you don't use it. It is highly recommended that all Nvu users upgrade to v0.40 as soon as it is released.