Before you panic, you should know that this isn't a huge deal, and Comcast is aware of the situation and has promised a fix "within a week or two." There, feel better? Good, because if you use the XFINITY app, any other app that has permission to read logs can read your Comcast username and password (aLogCat, for example).
The details, courtesy of aBSuRDiST, who discovered the issue:
My system log shows <userName>[email protected]</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager". I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for "password". After I clear my log (using aLogcat) that line reappears even when I haven't used the Xfinity app. I don't use my comcast credentials in any other app.
To try and resolve this I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure. I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.
It looks like the frequency of output can be toned down and even controlled (to an extent) by making sure you don't have the app set to automatically login and don't have it remember your credentials. Once you uncheck those options, it only outputs your information when you login.
aBSuRDiST took this information to the Comcast forums, and an employee took notice:
In the meantime, be wary of your settings and logins - or if you're tin-hat paranoid, just uninstall it. Then again, if you're tin-hat paranoid, you probably don't have a cell phone...