@rfc2822, yes, actually, if you please, while I was trying to make my hidden service working, I found, that it may be convenient in such cases to save entry even when it is not valid for now, just marking it as out of sync or something like this. Thus it will be possible to edit such entries later without filling credentials again, you know. Just an idea.
Password stored as plain text in the "accounts.db" file
In the database found under “/data/system/users/0/accounts.db” the owncloud password is stored as plain text.
This means anyone with root access on the phone, probablly including closed source apps that need root, can aquire the password.
This might lead to the discussion that a rooted phone is always a risk, however it would still be nice to add an additional layer of security here.
Thanks for your suggestion, but this is intended Android design. DAVdroid uses the Android account management and password methods. Additional security would have to be implemented in this API.