Are the passwords protected or encrypted?

The password to each site is encrypted before it’s written to the config file, then decrypted and passed to the Lync / SfB client as clear text in an API call.

If you’re concerned for the security of your passwords, consider letting Lync / SfB cache the credentials – that way bounSky doesn’t need to know your password.