It can be, it all depends on how securely the software is written and how well you keep the scripts on your site up to date as well as how secure your logins are.

I'd think a safer way would be to encrypt the user and password in a database but it's really a judgement call.