I've used docker login command and passed my credentials and I got warning WARNING: login credentials saved in /Users/{my_username}/.docker/config.json. I've checked that file and indeed my password is there unencrypted (base64 encoded only).
Why docker saved my password unencrypted? Shouldn't it save it in my key-chain (I am on Mac OS) or instead of saving password just generate some access token or something like that?
This is now solved, and as you suggest, you can save to the keychain (or use other "helpers"). Full details are in the Docker docs: https://docs.docker.com/engine/reference/commandline/login/#credentials-store
For anyone interested in the history and why this wasn't a trivial fix: https://github.com/docker/docker/issues/10318