From Aidan's comments in #6...
We may want to store refresh tokens more securely in the future. This was a quick-and-dirty way of doing it at the time, but I'm not sure saving the tokens in plain text on the hard drive is following good security practices...
From Aidan's comments in #6...