Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
http://www.securityfocus.com/bid/14600
http://securitytracker.com/id?1014730