FileZilla keeps logins/passwords in plain text, which is pretty much inexcusable. But it gets worse... I've just realized that FileZilla seems to cache your most recent "quick connect" login and password too. Even if you've manually typed in the address, login, and password. This means that unless you manually clear your history EVERYTIME you use FileZilla, anyone can fire up FileZilla on your PC, hit CTRL+R and have access to your last connection. I've had enough... What are all the clever kids using these days? (Preferably for Windows, open source, and free...)
Just tried your Control R theory. Didn't work. Why don't you use the Site Manager and leave off the password so you have to enter it each time?
FileZilla. Lol. I haven't used these before, but you could try them, Im not sure about open source, but they're both free and for windows. http://www.coffeecup.com/free-ftp/ http://www.goftp.com/
If you site is small enough say under 1 gig, then there is less inconvenience if someone actually did hack into your computer and steal your ftp access code. All you would need to do then change your login and use a backup to restore the website. If you don't store your passwords, then you should be ok against the ftp pw stealing viruses. In the case someone had access to your PC to hit CTRL+R, I would think the least of your problems would be website hacking.