So you don't have install for Windows or Mac at all and also you want XCR users to keep their account password in plain text - so that you can steal coins very easily?
As I've explained, there is nothing that prevents from you to compile the Node native libs on Windows/Mac and have a Windows/Mac Node - we just looking to make this process simpler for the users.
As per the plain text password in the config file - this what the sending second pass phrase feature is intended to protect against. Even if any virus/trojan (or "we") manage to get the password from the config file, then only thing the attacker will be able to do is to login in the wallet under your account. They will still need the second pass phrase to do send funds or do any other operations.
That said, I can understand the concern about keeping a plain text password in the config file, and will discuss with Boris how it can be improved.