Link shows images of it that I captured with a throwaway account, but it was discovered by https://twitter.com/JBird_Vegas/status/309213249763692546. Trello has replied that they are going to fix it.

One has to be rooted to see it (since /data/ is not world readable by default). However, an exploit isn't going to have that same issue or anyone running a rooted device.

If there's anyone running Trello for iOS and has a jailbroken device, I would be interested to know if it's also cleartext on there.

What bothers me is if they have my password how many other Google authenticated apps also have it?

The password caching was removed and a fix pushed this morning (v1.3.33). Fogcreek team should be commended the fix came less than 7 hours after being made aware of the bug.

Well done Trello!

Reference: https://mobile.twitter.com/hamidp/status/309303911150395392