Encryption
Map editor calculates MD5- and SHA1-fingerprints from your password. This can be done in only one direction. It isn't possible to uncover the original password (only with brute force).

The SHA1-fingerprint is 20 bytes long and is stored in the map-file. SHA1 is used only to check the password.

We need the MD5-fingerprint to generate a 16 byte key. Next, we generate 15 new fingerprints - every time from the last used fingerprint. This way, we get a 256 byte long key.

The map file should be XORed with this key (result = byte XOR key). After the last (256th) character, you use the first character again (rotation).

The following code (written in BlitzBasic) generates the encryption-table:
key$=md5$(passw$)
For j=0 To 15
  For i=0 To 15
    pos=(j*16+i)/4
    ascii=Asc(Mid$(key$,i+1,1))
    byte=ascii Shl ((i Mod 4)*8)
    crypt_table(pos)=crypt_table(pos) Or byte
  Next
  key$=md5$(key$)
Next

Limitations
1) The map loader decrypts the file to a temp-directory, but you can modify the source and decrypt maps directly to memory.

2) It is possible for someone to read your password from the EXE-file. Please use an algorithm to generate the password at runtime.