Any updates on the plaintext password security problem?

Understanding the configuration storage in ~/.config/Duplicati. Can I remove stuff? wandered into the password protection problem (and subtle bugs from tight permissions), but this is a much better spot.