Praise be to Allah, and that suffices, and peace and blessings upon His servants whom He has chosen.

EDIT: Added the solution at the end of the post.
So I have been navigating through my home directory and I found a hidden directory (one whose name starts with a dot) called .purple. Hmm, I don't remember installing an application called purple.
After some searching I found that the .purple directory contains files related to Pidgin, the universal instant messaging client. OK, that sounds reasonable now: Pidgin's colour is purple.
OK. Before you read any further, please open a terminal in your Linux distro and execute the following command:
cat ~/.purple/acc* | grep "ord>"
YES, the output you have just seen from this command is REAL!
It is your IM passwords.
I used some bash tricks to hide what the command really does, but here is what it actually does:
cat ~/.purple/accounts.xml | grep password
And if you are using window$, you will find the same file at C:\Documents and Settings\%USERNAME%\Application Data\.purple\accounts.xml
What do we have here? Well, Pidgin is not saving the passwords in an encrypted format; it is saving them in clear text!
So beware: don't save your password in Pidgin when using a machine shared with someone else.
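To turn the grep above into something a defender can actually act on, here is an added audit script (my own example, not code from the original post or from the Pidgin project). It parses an accounts.xml, reports which accounts have a saved password without ever printing the password value, and checks whether the file's mode bits let group or other users read it. The accounts.xml content it uses is a constructed sample in the general shape Pidgin writes (a root <account> element containing one <account> child per IM account); the file names, account names and the hunter2 password are made up.

```python
"""Audit a Pidgin-style accounts.xml for saved plaintext passwords and loose
file permissions.  Added example, not part of the original post or of Pidgin;
the sample XML below is constructed for illustration only."""
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: one account with a saved password, one without.
SAMPLE_ACCOUNTS_XML = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/Home</name>
    <password>hunter2</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
</account>
"""


def audit_accounts_xml(path):
    """Return one finding per account: protocol, account name, and whether a
    non-empty <password> element is present.  The password text itself is
    deliberately never returned or printed."""
    root = ET.parse(path).getroot()
    findings = []
    for acct in root.findall("account"):
        pw = acct.find("password")
        findings.append({
            "protocol": acct.findtext("protocol", ""),
            "name": acct.findtext("name", ""),
            "plaintext_password": pw is not None and bool(pw.text),
        })
    return findings


def readable_by_group_or_others(path):
    """True if the mode bits grant read access to the group or to everyone.
    Works for the file and for the containing directory alike."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def write_sample(mode):
    """Write the constructed sample to a temp file with the given mode bits."""
    fd, path = tempfile.mkstemp(suffix="-accounts.xml")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_ACCOUNTS_XML)
    os.chmod(path, mode)
    return path


def run_audit(mode=0o644):
    """Create the sample with the given mode, audit it, and clean up.
    Returns a report dict suitable for asserting on."""
    path = write_sample(mode)
    try:
        return {
            "accounts": audit_accounts_xml(path),
            "readable_by_others": readable_by_group_or_others(path),
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Default mode 0644 mimics a file that a loose umask or a shared machine
    # would leave readable by everyone.
    report = run_audit(0o644)
    for acct in report["accounts"]:
        print(f"{acct['protocol']:<12} {acct['name']:<30} "
              f"saved plaintext password: {acct['plaintext_password']}")
    print("readable by group/others:", report["readable_by_others"])
```

Run the script as-is to see the two findings, or point audit_accounts_xml() and readable_by_group_or_others() at a real ~/.purple/accounts.xml and at the ~/.purple directory itself; a mode of 0600 on the file is not enough protection if the directory or the home directory above it is readable by other local users.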
Solution
First of all, let's see why the Pidgin team decided not to encrypt the passwords. They discussed lots of issues, but to summarize, here is a quote from their wiki:
Instant messaging is not very secure, and it’s kind of pointless to spend a lot of time adding protections onto the fairly strong file protections of UNIX (our native platform) when the protocols themselves aren’t all that secure
Edit: Kamasheto added the following quote in the comments, thanks kama:
“But other programs don’t store my password in plain text!”
That’s true. But few of them store it in a way that’s any safer. A Google search for im passwords shows a bunch of hits for getting the passwords out of other IM clients just as easily as Pidgin.
So they advise you to use the keyring that comes with your desktop environment (GNOME and KDE both have keyrings); there is a project discussing this issue here.
Another solution is a master password mechanism, like the one implemented in Firefox; you can get this feature in Pidgin by installing the Password Encryption plugin.
Hope these tips will solve the problem isA.
Glory be to You, O Allah, and praise be to You; I bear witness that there is no god but You; I seek Your forgiveness and repent to You.

i was really really ammmmmmmmmmmmmmmazed when i saw my password
i had only one question in my mind:
“what kind of SECURITY is that … PIDGIN?!!!”
Have you checked the file's permissions? It's only readable and writable by you and only you. I know it's not that big a fix, but at least it convinces me.
@Boody:
LOL @ Pidgin security
Carrier-pigeon security.
@BingoRabbit:
Yeah, I know that permissions are one approach to solving the problem, but note that not all the distros out there provide such a feature; for example, on Ubuntu systems unprivileged users are allowed to read each other's home directories.
I will edit the post for more info on the topic after el fagr prayer isA
Jzakom ALLAHu kher for the nice comment
Thanks a lot for the notification.
I checked the user privileges in my Ubuntu and I was amazed.
What a stupid way!!
I consider it axiomatic to secure every user's files, like Fedora does.
Finally I thanked ALLAH that my sisters don't know very much about Linux, otherwise my files would be out in the open, not only my passwords.
May Allah bless you.
You are welcome ya Mostafa.
I wonder why was your comment held for moderation, do you spam yabny ?!
I really really love the new feature of commenting from the dashboard of WP, thanks to BingoRabbit for fixing it..
I had two comments held for moderation on my blog too, strange?
Really, thanks AHMED.
I will install the Password Encryption plugin.
Thanks again.
Thanks Ahmed for this information.
Open source is nice, but not open to this degree!
On Linux the permissions might limit this problem, but on Windows it is a disaster beyond all disasters.
@MMF:
are you using Linux now ?
@Mo3taz:
The whole thing, Mo3taz, is that the programmers who made Pidgin relied on securing Pidgin through 3rd party software,
and that is of course a big problem, because most users just download the program, and once it works that's it for them; they do nothing else to secure the system.
Anyway, forget that; how is the jaja going with you?
I’m sure you don’t really mean it this way, but this gives a bad impression about the open-source concept generally and this application in specific. I’m sure you’ve read the entire article they wrote on their wiki, but just to make sure everyone else gets the image I’d like to quote them:
Bottom line is, all IM clients are insecure and open to the same vulnerability. All of them.
You have a good point kamasheto, thanks for mentioning it

The open-source community is growing larger and larger and with very wise steps; even Microsoft guys are convinced by the concept now.
But this doesn't mean that I shouldn't warn other people if I find a particular flaw in a piece of FOSS I see.
Personally, I am not much into development, but if I had the chance to develop something like this, I wouldn't leave the security issue for 3rd-party software (like the UNIX permissions in our case here) to take care of and just do nothing about it. I know that encryption can sometimes be cracked and stuff like that, but at least it would block a huge number of users from breaking it.
And remember, the Pidgin developers said that this is a situation that could change in the future.
I will edit the post and add your quote so that everybody will see it isA.
Thanks for passing by and for your valuable comment.
O, thank you.
I just need to clarify a little bit more the situation at hand. Pidgin did not rely on 3rd-party solutions to solve the problem — they just covered it up the best way they could. They said, in honest plain words, they did not really pay any attention to securing the stored passwords.
Then they elaborated that it’s plain useless, because no matter how secure they tighten things at their end the protocol itself is still unsecure — which does make sense to be honest.
On top of all that, ALL other IM Messengers are vulnerable to having their passwords extrapolated — just because Pidgin admitted it doesn’t make it really that bad IMHO.