Package: freevo /etc/freevo/local_conf.py can be read by all users It contains unencrypted passwords for the web interface Maybe the web interface passwords need to be kept in a separate file that is only readable by the user running the web server process?