See HUDSON-8720 for the original issue before the move to Jenkins.

The password for the share appears in cleartext in hudson.out.log (I believe it happens when saving the system configuration) and in com.slide.hudson.plugins.CIFSPublisher.xml.

The password should never be stored/displayed or it should be stored encrypted or as a hash.