I could add a FARR feature to help plugins figure out where to store data,
but let me clarify a little what this security hole is all about for people reading this and nervous.
There is a FARR plugin called "Google Calendar Quick Add", and with this plugin you have to configure your login info.
Sri decided to make a package of his pre-configured aliases and plugins and upload them for others. He made a slight mistake and included the options file for this plugin, which has his gmail login info in it.
So this is not something any normal FARR user needs to be concerned with -- but it is a reminder for plugin writers and others who might zip up and share their FARR plugin configuration directories, to make sure you dont upload any configuration files that might have sensitive data inside them.
Like I said, I could add a feature into FARR which a plugin could call to get a MyDocuments folder suitable for storing options files, so that they arent in the normal FARR directories, but then again it would be just as easy for a plugin to do that.