You don't want plain text passwords in config file. Make the user hash it or automate this somehow to [bcrypt](https://github.com/ncb000gt/node.bcrypt.js/) or something.
