ProScan said: That has nothing to do with FREEScan. Take a look at the targetNamespace in this link https://api.radioreference.com/soap2/?wsdl&v=15 Click to expand...

ProScan said: As far as the password in the clear in the Registry, Just lock your computer when not using. Click to expand...

It's been a while since I've used SOAP APIs regularly - what is the significance of targetNamespace? Does that url indicate that RadioReference does not support https with their SOAP service? The wsdl loads ok via HTTPS.. If that is in fact the case, I can't fault the developers for a limitation of the RR API.A person having physical access to the computer, opening up the registry editor and looking at the password is the least likely attack vector. Arbitrary code can be executed to read that data from the registry without the user knowing, and this is the more likely way data can be compromised. Windows has long offered operating system level tools to encrypt and store sensitive data, which is good for the developer as they do not need to rely on any third party tools to be able to securely store data like passwords. There isn't really any room to excuse this vulnerability given the long-established best practices. It's an issue that really needs to be fixed in FreeSCAN and ARC-XT, but fortunately for the developers of these programs, there are well documented solutions to patch the vulnerability.I am glad to see that ProScan does not contain this same vulnerability, and now I'm inclined to support your software.