App developers who want to protect data, can’t. Here is a nice writeup from the Pidgin developers about why nothing out there improves upon cleartext password storage: PlainTextPasswords
A lot of developers need to understand this. Look at the comments to this stackoverflow question to get a taste of the lack of understanding that pervades many developers.
I feel inspired to write a response on par with this incredible rant about how people need to stop trying to parse HTML with regex, but I don’t think I’ve got the time (or the skills? ;-).