
Re: All member info and login gone!


chrishajer
Participant

@chrishajer

Using plain text passwords means anyone listening on the conversation (running a network sniffer or packet capture tool) can read the password if they can intercept it. With FTP, your password is transmitted in the clear, so all someone needs to do is grab that password, then they have full access to your files.

SSH = secure shell. SFTP is secure FTP, and it uses SSH. SCP is a replacement for FTP, using SSH as well. Anything using SSH encrypts the password so that someone who intercepts the password can’t really do anything with it. Regarding clear text passwords for the database: since the database connection details are stored in a text file (bb-config.php), anyone who can grab your FTP password and access your files will have access to the database. Once they can modify your files, they have the keys to the kingdom, so to speak.

SSH: http://en.wikipedia.org/wiki/Secure_Shell

SFTP: http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

SCP: http://en.wikipedia.org/wiki/Secure_copy

FTP: http://en.wikipedia.org/wiki/FTP

A lot of these require cooperation from your host. You can only use whatever they offer for connecting to the machine where your site is hosted. The lowest common denominator is FTP, which is old and insecure. Much better is a host that offers SSH access and SCP/SFTP access to the files.

I really doubt someone grabbed your password out of a packet and changed your database connection details or the table name. I think it’s probably a far less interesting mistake than that.
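An added example, not part of the original post: a small audit that reads FTP client control-channel logs and reports which logins sent `PASS` unencrypted, which is the exposure described above. The log format, session ids, host name and credentials are constructed for illustration, and the check goes slightly beyond the post by also recognising `AUTH TLS` (explicit FTPS), where the server's `234` reply means the rest of the login is encrypted.

```python
import re

# Constructed sample: client-side debug logs for two sessions ("<" = server, ">" = client).
# Host name, user name and password are made up; s2's PASS is logged locally but encrypted on the wire.
SAMPLE_LOG = """\
[s1] < 220 ftp.example.test ready
[s1] > USER webadmin
[s1] < 331 Password required
[s1] > PASS hunter2
[s1] < 230 Login successful
[s2] < 220 ftp.example.test ready
[s2] > AUTH TLS
[s2] < 234 Proceed with negotiation
[s2] > USER webadmin
[s2] > PASS hunter2
[s2] < 230 Login successful
"""

LINE = re.compile(r"^\[(?P<sid>\w+)\] (?P<dir>[<>]) (?P<msg>.*)$")

def find_cleartext_logins(log_text):
    """Return (session, user) for each login whose PASS was sent unencrypted."""
    state = {}      # session id -> TLS state and last USER seen
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s = state.setdefault(m["sid"], {"tls": False, "auth_pending": False, "user": None})
        verb, _, arg = m["msg"].partition(" ")
        if m["dir"] == ">":
            verb = verb.upper()
            if verb == "AUTH":
                s["auth_pending"] = True
            elif verb == "USER":
                s["user"] = arg
            elif verb == "PASS" and not s["tls"]:
                findings.append((m["sid"], s["user"]))
        else:
            # 234 = server accepted AUTH; the channel is encrypted from here on
            if s["auth_pending"] and verb == "234":
                s["tls"] = True
            s["auth_pending"] = False
    return findings

def redact(log_text):
    """Mask PASS arguments so the log itself can be shared safely."""
    return re.sub(r"(?im)^(\[\w+\] > PASS ).*$", r"\1********", log_text)
```

Any account the audit reports should have its password changed and be moved to SFTP/SCP where the host offers it.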
