29
Password being able to read by anyone on the same server isn't really the problem of Xoops, but an inseure configuation of PHP on your server. Most of the web apps hold DB passwords as plain text within a PHP file. To prevent others from reading in the PHP file and getting the password, you should ask your server admin to run PHP in safe_mode, or use PHP SUEXEC. XOOPS runs fine under safe mode.