Just want to tell. some days ago some of the developer told me, that it is a big security-hole to store the password of the user in plaintext inside the DB. i think, we have a other big security-problem. if you send (or get) emails, the "normal" way is sending the data in plaintext. this means, if a user is the admin of the web and has a email-account, then he sends his passport every time he gets (or sends) emails. means if anybody can scan the "email-protokol" he can read the pwd of the admin and so connect to the server and change the files at the server (for example a php-script to get the account-data of the database used). it is NO problem for me to use SFTP because this is "FTP over SSH" and SSH has it's own fingerprint. but i can't generate a SSL-certificate for every customer i am hosting. so isn't it better, to separate the FTP from the email-user?