[follow-up: comment + tests] Routine user error can lead to plaintext passwords in the database