The fact that Mumble supports passwords is fantastic. It provides a means for users to log on from different clients without the need for exporting/importing their certificate file.
However, I noticed that the passwords are stored in clear text on the client. Coupled with the fact that the client always saves the password, this creates a situation where user passwords are readily available to anybody who has access to the client computer or data. Whereas access to a Mumble account does not expose any sensitive information, password re-use is a common occurrence.
A. Encrypted storage of passwords
B. A "save password" option which defaults to "no".