I'd crypt the username password before storing into a file. One exploit and your entire userbase could be compromised.