I've backuped a guacamole install 1.2.0 and sniffed in the .sql file.
In the table guacamole_user_attribute, i've seen clear password in it.
A suggestion would be to encrypt the parameter_value when parameter_name is equal to "password"
Unless i'ts already done in 1.3.0?
Thank you for your hard work.