Just a word about DPAPI
An obvious question after my last post is of course - What is DPAPI?
Beginning Windows 2000, the OS comes with the DP API packaged within it. The Data Protection API (DPAPI) is a set of functions that provide OS level services to user and system processes.
The protection with DPAPI is based on a key generated from the user credentials. The DPAPI work with the Local Security Authority (LSA) to provide its features. The LSA in turn leverage the Crypto API (crypt32.dll) to provide the encrypt & decrypt functions.
Shawn Farkas gives some good insight of the DPAPI here.