security_considerations - mqtt/mqtt.org GitHub Wiki
In a discussion about how to protect an MQTT broker, Dan Anderson suggested:
It's common to have a "Security Considerations" section in protocol standards that describes areas of concern related to security. i.e. the IETF templates. In the next version, could something like this be added? I'd like to see a "security consideration" added that suggests to broker implementers that passwords should not be stored on the brokers in clear text.