> but what is to prevent someone who may know enough about accessing the >password database file from knowing what everyone's passwords are?

Absolutely nothing. If you persist passwords, someone can eventually figure it out. Don't think about writing your own encryption, either, because you'll get it wrong. Use the built-in Windows CryptoAPI to generate MD5 hashs of the passwords and persist those instead. There's a CryptoAPI sample in the VFP Solutions Samples.