Shouldn't require plaintext password

[pixelherodev]

Storing the password in plain text even just on the local computer is problematic, but requiring it in plaintext on a 3rd-party site (home.mycroft.ai) is completely unacceptable.

[iointerrupt]

It looks like ultimately the credentials are used by the pianobar stored locally ~/.config/pianobar/config. Afterwards the skill only uses it to determine if pianobar exits abnormally due to login error.

An advanced user might just modify the ~/.config/pianobar/config file themselves, or if you do use the home.mycroft.ai to setup the credentials, there wouldnt be a need to store it in constantly in Mycroft.AI settings file (or in home.mycroft.ai) afterwards. If the user changes their Pandora credentials, they can just retype the username and password in the MyCroft.ai UI and when the device finally updates the configuration from the web, it could "blank" out those values in the mycrofts config file. The check that it does to validate the username and password are blank doesnt need to be there.