It'd be harder if the passwords were encrypted.

It's not impossible to crack encryption's but if they don't have access directly to the source and/or can't read the the password as un-encrypted strings there'll be less children taking such action again.

But that likely won't happen

Another way to authenticate would lower the risk, say putting a lock on deleting characters and entering the game it's self without a pin that was defined by the user upon registration or at some other point for example, that pin could be optional for the user, their choice again.

But yeah, best way to prevent this is to use different ID's and/or passwords for any server you play, hell it's not much of a problem using randomly generated strings for user/pass on Crystal files as you have the option to auto login..