PHPlist v3.4.7:
When using the option to view the config.php file directly from within the PHPList UI, it smartly hides any passwords, but if you’re using the Amazon SES integration, your ID/Secret are in full view.
The other issue is that URL links in the config file point to pages that no longer exist.
That’s a fair point. The plugin could also hide any items whose name includes “key”.
You might want to look at using the Amazon SES plugin instead. It can provide greater throughput, if that is important to you. Also, the API credentials are not held in the config file.