The /etc/NetworkManager/system-connections directory in Debian and Ubuntu stores files that are named after the WIFI networks you have connected to. These contain the passwords for the wireless networks that your machine has connected to.
Here is a sample file.
[connection] id=detportal uuid=539c7711-95ba-4f0a-8797-33d32ec779d7 type=802-11-wireless [802-11-wireless] ssid=detportal mode=infrastructure security=802-11-wireless-security [802-11-wireless-security] key-mgmt=wpa-psk psk=detportal [ipv4] method=auto [ipv6] method=auto ip6-privacy=2
The user of a machine does need to be root to access these files, but any user with sudo access is allowed to cat these files and read the passwords. This needs to be fixed. Maybe, the connections should be stored in the home folder of the user that is making the connection and obfuscated somehow, maybe by hashing it. Windows 7 stores passwords for WIFI as a hash. This is more secure. Network Manager could do the same thing. This would improve the security of Linux when using Network Manager.