I am told that creating a my.cnf file, with the client's user id and
password, and placing it it the user's home directory will provide some
protection of the user id and password. I have also been told that
placing one in each user's home directory in unix, will allow MySQL to
determine the user's credentils from the my.cnf file, rather than
request them each time the user tried to connect to it. The alleged
benefit is that the user id and password is not visible on the command
line or to those users able t view system status.

1) Is this true?
2) Can it be made to work in a similar fashion on Windows?
3) On my own machine, I placed my.cnf in the root directory of the C:
drive. This seems to work, but I bet its effects are global. Can I
make its effects local to a specific user by placing it in C:\Documents
and Settings\specific_user_uid?
4) Do you have any specific tips (or a list of yuour favorite best
security practices) for improving the security of an application that
uses MySQL as the db back end?

Thanks

Ted