Hello, Recently it has come to my attention that the pmwiki built-in user authentication system uses php, and that php is configured to save session information in /tmp/, which includes passwords in plain text. How big of a security risk is this (sounds pretty bad to me...), and does anyone know what can be done about it? thanks, maria