Although the exact relationship may be somewhat obscure (which is good), it seems one is able to access login IDs and their corresponding passwords by opening up the users.pro file with the notepad application. Whether or not this is a security issue can be debated, however it would be beneficial to futher mask/hide the passwords for this server (if possible). Windows ME is the OS.
While not really a bug, the clear text password is a security risk. The upcoming version of Cerberus no longer stores passwords. Instead, the SHA-1 hash for the password is stored. There is no way for an unauthorized user to recreate a password from the hash value.