If the user has access to the data anyone can send false validation data. is unusual store validation data in plain text in any service.
It is easy to understand for these reasons:
The key is generated in the server, and downloaded in your profile in SC.
The file not change or increase in the user computer.
is the file is generated in the server ¿how to send other information? please explain.
Its good to know:
The regulation implementing the Organic Law on Data Protection indicates that passwords, while in active state, will be stored in an "unintelligible" format.