In a recent update to OS X Lion, an Apple programmer inadvertently left a debug flag in the latest build of the operating system that turns on a system-wide debug log file. The file stores the user’s login information in plain text. The information not only contains the user’s password, but is it also in an unencrypted area.
FileVault users prior to Lion’s launch may want to consider changing login passwords. Any user with admin or root access can easily gain this information, thus compromising your data. Time Machine also stores this log file, so it is also a good to check your archives.
This glitch only affects users who enabled FireVault encryption and updated to Lion while keeping their folders encrypted. FileVault 2 users are not infected.