Encode passwords with a more secure mechanism

Description

Spark uses a hardcoded key (visible in the public source code on GitHub in src/java/org/jivesoftware/spark/util/Encryptor.java) to encrypt passwords saved in spark.properties, which makes them easy to decrypt. An attacker does, however, first have to gain access to the victim's system in order to read this file.

Additional disclosure links:
http://adamcaudill.com/2012/07/27/decrypting-spark-saved-passwords/
https://www.pentestgeek.com/2012/12/26/recover-spark-im-stored-passwords-with-metasploit/
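To make the weakness concrete, here is an added illustration (constructed for this page, not Spark's Encryptor or any code from the project) of why a key embedded in public source gives no real protection, next to the minimum alternative: a random key generated once per installation and kept in an owner-only file. The key file path, the AES-GCM construction and the sample password are assumptions; as the comments below note, a local key still lives on the same machine, so this raises the bar for offline copies of spark.properties rather than eliminating the risk.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordStoreDemo {
    // Constructed stand-in for a key shipped inside public source code:
    // anyone who reads the repository can reproduce this constant.
    static final byte[] HARDCODED_KEY = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    // Hypothetical per-installation key file; Spark itself does not use this path.
    static final Path KEY_FILE = Paths.get(System.getProperty("user.home"), ".spark-demo", "local.key");

    // Generate a random key on first run and restrict the file to the owner (POSIX only).
    static byte[] loadOrCreateInstallKey() throws Exception {
        if (Files.exists(KEY_FILE)) return Files.readAllBytes(KEY_FILE);
        byte[] key = new byte[32];                              // AES-256, unique to this install
        new SecureRandom().nextBytes(key);
        Files.createDirectories(KEY_FILE.getParent());
        Files.write(KEY_FILE, key);
        try {
            Files.setPosixFilePermissions(KEY_FILE, PosixFilePermissions.fromString("rw-------"));
        } catch (UnsupportedOperationException ignored) { }   // Windows: rely on profile ACLs
        return key;
    }

    // Encrypt with a fresh 12-byte nonce; output is nonce || ciphertext+tag, Base64-encoded.
    static String encrypt(byte[] key, String password) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);       // value as it would sit in a properties file
    }

    static String decrypt(byte[] key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String weak = encrypt(HARDCODED_KEY, "hunter2");        // anyone with the source can call decrypt()
        String better = encrypt(loadOrCreateInstallKey(), "hunter2"); // also needs this machine's key file
        System.out.println(decrypt(HARDCODED_KEY, weak) + " " + decrypt(loadOrCreateInstallKey(), better));
    }
}
```

The two stored values look alike, but only the first can be recovered from the properties file alone; the second additionally requires the key file from the machine that wrote it.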

Environment

None

Activity


Paweł Ścibiorski November 17, 2017 at 1:14 PM

For Windows, maybe this could be used: https://github.com/foundeo/jdpapi64. It's a wrapper around the Windows Data Protection API. For Mac, perhaps Keychain can be used, and for Linux it seems to be more complicated and I don't see a good solution yet.

wroot August 20, 2016 at 2:18 PM

So when you move your profile to another PC it won't recognize passwords. Well, maybe not a huge problem if you remember all the passwords. Anyway, someone has to come up with a patch to do such encryption. Maybe some existing library or API can be used for this (Apache licensed).

speedy August 20, 2016 at 12:29 PM

My concern is when using LDAP/AD without GSSAPI, as network credentials could be exposed. Guus stated the same about the key still needing to be stored on the computer, but there has to be a way to make things a little more secure, perhaps using a unique hardware identifier as the key (SN, UUID, MAC address) or some other way of obfuscation.

wroot August 20, 2016 at 8:13 AM

If Spark switched to using some random key for encryption, it would still have to store that key on the system. So if someone got access to that system, they would still be able to access the key and decrypt the passwords.

The only secure solution would be for Spark to use some key stored somewhere in the igniterealtime.org infrastructure, so it won't be publicly known, but that seems like overkill for a simple IM application.

Details
Created March 29, 2015 at 5:38 PM
Updated October 28, 2020 at 1:44 PM