Hey,

Nice script Jarett!

I am concerned with having my passwords available in about:config in clear text however, and I don't think it is necessary.

I wrote a similar userscript for Twitter at http://userscripts.org/scripts/show/59103 which you can review for my implementation without storing passwords.

To briefly explain my userscript:
I save a list of usernames only, then when a user wants to switch accounts they are sent to the login page with an extra url parameter with a value equal to the desired account. Then on the login page I search for this url param, and if it is defined then the username is automatically filled into the username form field, then I focus on the password form field, which gets Firefox to auto insert a password saved in Firefox (which is safe when using a master password for Firefox). If the password field was auto populated then I automatically submit the login form.

Do you think that you could do something similar for this script?

Choosing to store passwords via my script is no less secure that having Firefox remember the site password without a master Firefox password.

Exactly, the master password makes user passwords secure.

Also, I would appreciate it if you didn't title the post "Security Issue"; I really don't want an angry mob of thousands of panicky users banging down my door.

I doubt you will get mobs, if anyone (like it matters) and people should know the risk.

Fair enough Jarett, no worries.