A security related bug was discovered on certain HTC Android smartphones. This bug allowed any application that has access to the ACCESS_WIFI_STATE permission (something that the apps ask you before you install them) will let the application not only check on the status of your Wi-Fi but also have complete access to all your Wi-FI passwords.
The handsets that are reported to have this bug include the Desire HD, T-Mobile myTouch 4G, Desire S, Sensation, EVO 3D, DROID Incredible, and the Thunderbolt 4G. However, HTC is now reporting that the problem has already been solved on certain devices, although which ones exactly was not mentioned. It also said that the rest of the devices will require the update to be manually applied. The update is not yet available but HTC is requesting users to visit their website again next week for the update.
The bug was apparently discovered back in September 2011 by a couple of security researchers who then contacted HTC and Google, but was kept under wraps until now till the fix was deployed to a sizable number of the affected devices.
If you own one of the above mentioned handsets, check the HTC website mentioned above next week to see if there is an update available for you.