Not far removed from simply writing them down, I use text files to record my passwords. Nobody really has physical access to my PC and even if somebody does they would have to know where to look. (Same, I suppose, for password-stealing malware. It's one thing to grab saved form passwords from a browser in a well-known location. it's another to inspect arbitrary user files.