@rds in my AIO release the passphrases are salted with a code that only the user knows as dawalelt just said. also the current aio dawallet has has a static encryption key so if someone goes through the source they could easily decrypt the file on your disk to get your passphrase. as well as move the file into the same directory to do it that way
ive released the source for this now so if dawallet wants he can use it to make his more secure . i made this open source so everyone can benefit from it and to also show everyone there is nothing nefarious in my code im sure we have a lot more exciting things to come ;)
im designing the new interface in my wallet so that your password cannot be sniffed by keyloggers or clipboard loggers as it just puts the passphrase straight out of the decryption algo into the password box bypassing your clipboard and keyboard