Here are my thoughts on the encryption:
* PasswordMaker should have an app-wide memory to store things, like the unencrypted version of the RDF file or at least the settings read from it, the memory-stored master password, and whatever else multiple windows normally keeping their own copy of stuff would do. Currently, it's per (browser) window, so someone using more than one window will have to enter their master password multiple times.
* When the RDF is encrypted, then when the first instance of it runs (assuming the shared memory thing is being done), read the encrypted file, decrypt it, and read the settings. Only when a change is made is the file written to disk. This way, only the encrypted file will be on the disk.
Also, the XML format I'm using for the Desktop Edition has an encryption attribute. I planned on having it be encryptable at some point (hopefully before 1.0). I was thinking of making a flag or something to handle a salt to go with the file (or as a key for an HMAC-SHA256 hash on the encryption password).
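
The flow described in the post above, as an added example that is not part of the original post and is not PasswordMaker code: one shared store decrypts the file once, keeps the settings in memory for every window, and writes only ciphertext when something changes. It assumes Node.js `crypto`, PBKDF2-HMAC-SHA256 for the salted key and AES-256-GCM for the file (neither is named in the post); `SettingsStore`, `deriveKey`, the blob layout and the sample data are hypothetical.

```javascript
// Added illustration; SettingsStore, deriveKey and the blob layout are hypothetical names.
const crypto = require('crypto');

// PBKDF2 iterates HMAC-SHA256 over the password with the per-file salt.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

// Blob layout (assumed): salt(16) | iv(12) | GCM tag(16) | ciphertext
function encryptSettings(password, plaintext) {
  const salt = crypto.randomBytes(16); // fresh salt on every write
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

function decryptSettings(password, blob) {
  const salt = blob.subarray(0, 16), iv = blob.subarray(16, 28), tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws on a wrong password or a tampered file
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
}

// One instance shared by every window. `disk` stands in for the settings file.
class SettingsStore {
  constructor(disk) { this.disk = disk; this.password = null; this.settings = null; }
  // askPassword runs only for the first window; later windows reuse the copy in memory.
  open(askPassword) {
    if (this.settings === null) {
      const password = askPassword();
      this.settings = decryptSettings(password, this.disk.blob);
      this.password = password;
    }
    return this.settings;
  }
  // Only a real change touches the disk, and only ciphertext is written.
  save(newSettings) {
    if (this.password === null) throw new Error('store is locked');
    if (newSettings === this.settings) return false;
    this.settings = newSettings;
    this.disk.blob = encryptSettings(this.password, newSettings);
    return true;
  }
}

// Constructed sample data: an in-memory "file" holding one encrypted settings string.
const disk = { blob: encryptSettings('constructed master pw', '<RDF>site=example.com</RDF>') };
const store = new SettingsStore(disk);
console.log(store.open(() => 'constructed master pw'));
```

Storing the salt in the file is safe because it is not secret; it only makes the derived key differ per file and per write.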