Tuesday, January 8, 2013

Security of OAuth tokens in Windows registry?

I must be reading the docs wrong - it seems that the tokens to access OAuth on Windows are stored, plain text, no encryption, in the Windows registry?

Is that right? For deployment we need any machine running the Google Cloud SQL driver to have a copy of the tokens?

This is not secure in any way, why can't the tokens be stored encrypted on disk at the least?!? The driver should let you provide the tokens, not using hardcoded schemes like reading them from an unsecure location such as the Windows registry. What a strange design.

Thoughts?

"Windows: The tokens are stored in the registry under the key:

HKCU\Software\JavaSoft\Prefs\com.google.cloud.sqlservice

These entries will have to be copied to the same key for the user who will be running the application on the deployment machine."
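
An added example, not part of the original post or the driver's documentation: a PowerShell audit of the key quoted above, run as the user who owns the tokens. It reports which values exist without printing them, and lists every principal besides that user, SYSTEM and Administrators that holds an Allow entry on the key. The function name `Get-TokenKeyAudit` and the list of expected principals are assumptions made for this example.

```powershell
# Added example: audit the Java Preferences key named in the quoted documentation.
$KeyPath = 'HKCU:\Software\JavaSoft\Prefs\com.google.cloud.sqlservice'

function Get-TokenKeyAudit {
    param([string]$Path = $KeyPath)

    if (-not (Test-Path -Path $Path)) {
        # Nothing stored for this user: no token material to protect here.
        return [pscustomobject]@{
            Path = $Path; Present = $false; Values = @(); OtherPrincipals = @()
        }
    }

    $key = Get-Item -Path $Path

    # Report name, registry type and length only; never echo the token itself.
    $values = foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name   = $name
            Kind   = $key.GetValueKind($name)
            Length = ([string]$key.GetValue($name)).Length
        }
    }

    # Assumption: these three principals are the ones expected on a per-user key.
    $me       = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $expected = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

    # Any other Allow entry is listed for review, whatever rights it carries.
    $others = (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($expected -notcontains $_.IdentityReference.Value)
    } | Select-Object IdentityReference, RegistryRights, IsInherited

    [pscustomobject]@{
        Path            = $Path
        Present         = $true
        Values          = @($values)
        OtherPrincipals = @($others)
    }
}

$audit = Get-TokenKeyAudit
$audit | Format-List Path, Present
$audit.Values | Format-Table -AutoSize
$audit.OtherPrincipals | Format-Table -AutoSize
```

The ACL only limits which accounts can open the key. Any process running as the same user can still read the values, which is the exposure the post describes.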
