I'm aware of a few security concerns among a couple of DonkeyFire users. Namely, how I'm managing username/password storage.
As this extension was intended for private usage only, I didn't care much (I access my MLDonkey via VPN to a remote location, and the username/password I use were created specifically for that purpose).
But, truth be told, some of my friends requested that I released it publicly. And that's how donkeyfire.mozdev.org and this forum were born.
I recomend that, while I implement a better approach (which is not only a matter of nsIPasswordManager, but a little bit more ocmplicated given my XPath requirements), you implement a similar approach:
* If you run MLDonkey locally only, set a unique password for the admin account. Something unique, really. And make it listen on 127.0.0.1 only.
* If you run MLDonkey remotely, try to make it listen over 127.0.0.1 and a VPN interface only. Same password recommendations.
* If you run MLDonkey remotely, and cannot / don't know how to make it work over a VPN, I can sell you my services! Now really: at least firewall it, or run it over SSL via mod_proxy (John, if you read this, we could all make use of a HOWTO, won't you post one?).