There are two security concerns to keep in mind when using transfer. Both concerns involve the potential visibility of passwords to other users.
where filename is a path to the file.
Passwords are not displayed when transfer prompts the user for a password. This allows the user to type a password without fear that someone might see the password as the user types it or might scroll back through the contents of the user's window to see what password was typed.
The username and password for the remote account should only be kept in an information file if the user intends to use transfer through an automated facility such as cron or at. I recommend keeping information that won't change other than the username and password in $HOME/.transferrc and allowing transfer to prompt you for the username and password. This minimizes typing and maximizes security.