The following was submitted by an anonymous tipster:
I opened the Keychain Access utility in Mac OSX a while ago and noticed that it has a potential security flaw. In order to reveal the password for a particular entry, all a user has to do is open the Keychain Access utility, click 'Get Info" on an entry, and click on the "View Password" button, and the password is shown in clear text.This problem strikes me as a Bad Thing. I realize that all bets are off with physical access to the machine, but in something like a lab environment, such access is bound to occur. A simple dialog box would at least stop the quick-look password thieves.
Since Mac OS X unlocks the keychain at login, anyone can find out a user's password in the span of a few minutes without having to authenticate themselves. In a shared environment, this flaw alone renders the Mac OS Keychain useless as a secure store for passwords that you might not want others to have access too.
A simple fix would be a password dialog that asks for the user's keychain password before the keychain is shown or before the password is revealed.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20020415095232379