penders - 5:00 pm on Jan 11, 2012 (gmt 0)
The reason for my question is that this password file should be stored on your local machine - which I believe it is. If your sites have been hacked through access to this file then it sounds as if your computer has been infected with malware/virus!?
Whilst there is a potential vulnerability in Filezilla's XML files, this is only a problem if the host computer has been hacked.