Storing passwords on disks should be removed.

I'm not sure if this is a security issue, but a salt should be kept random, but is is not. (Because Random is initialised with a fixed salt which causes it to produce predictable results)
Look at LoginForm.getCypher().

Stumbled over this while checking what causes my minecraft loader-loader to crash :/