I too have been bit by this. I had well over 4 dozen PCFs from many different clients that were hosed. The most recent crash was with 4.7. Why the hell the CVPN client had all those files *open* let alone
*writable* at all I will never know. There is no reason for the CVPN client to ever open the files after the initial boot (once it's read everything into memory) and no reason to ever have them open and writeable unless the user is making changes to a specific profile's config. That's inexcusable programing IMHO but I digress.
One feature that I would love to see added is the ability to have a Pix or Concentrator force the CVPN client to delete a given PCF if the admin so commands. I'm stuck with users that have a copy of a PCF on a system with X-auth but no authorization. They're using a PCF that they're not supposed to be using but I can't convince them to come get a copy of the correct PCF. I want to be able to command the remote Cisco client to delete the PCF. Along these same lines I'd like the ability to push a replacement PCF to the CVPN client in preparation for a group auth password change. If I could push out the new PCF 2 weeks before the password gets changed then I can greatly reduce the strain on myself and the helpdesk when such a change is mandated.
Back on topic, my best advice is to backup you PCFs regularly. There are plenty of free backup tools that can automatically backup files to remote (or local) destinations on a regular schedule.
J