Whenever I create a web based scenario and that scenario utilizes a NTLM username and password, the password is not obfuscated with "*'s" and is also not encrypted in the database in any way. This is a HUGE security concern / vulnerability.