When a URL's is streamed in winamp which requires HTTP authentication, the user is prompted to enter a username and password. This username and password is then stored as plain text in the file winamp.ini under the section [HTTP-AUTH]. The format of stored passwords (it seems) is <domain - TLD>=<username>:<password>. URL's which are streamed are also kept as history in the winamp.ini file under the [winamp] section. This includes URL's which include the username/password in them (ie, http://username:password@site). This was verified in Winamp 2.80 on Windows XP. - isox
