According to Licho, ZKL uses Windows secure password storage, but that's not interesting for Chobby (it's Windows specific and wouldn't help against malicious widgets, which are the prime concern really).
We talked about it for a bit, and there are other ways how widgets could be prevented from reading the password, but it's hardly a priority (if you have malicious widgets running on your machine, you've already compromised your system greatly anyway).
PS: However, the issue in this thread is just a case of bad distribution. I like to think it's like buying a gun, shooting yourself by accident and screaming "FRIENDLY FIRE WTF!"
(Don't try making Chobby distributions. Even outside the password you're likely to make a lot of mistakes.)