WTF's config.yml file is a plain text file stored in the user's home directory. Given the nature of many of the modules in WTF, that file could hold account information, passwords, URIs, and API keys for the user's critical systems.

This issue is a place to discuss the security of that file.

1. Does it need to be secured? Should we just trust the machine instead?
2. If it should, how so? What's least-friction for the user?