webadmin
Cleartext password in settings file!!!
If you go to …/settings/authentication/edit and set the Fallback Administrator admin’s password, it gets written out in plaintext into the config.toml.
That’s a no go!
If one then logs in with the admin account and changes the password (even to the very same one), then it’s replaced with some hashed or encrypted version, as it should be.
Whatever mechanism is used when changing the password should also be used when setting the password.
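An audit check for the condition reported above, added here as an example and not part of the original report or the project's code: it scans a TOML settings file for credential values that are not stored in a recognisable hash encoding and reports the line and key without echoing the value. The key names, the sample configs and the assumption that the stored form is a `$id$...` or `{SCHEME}...` hash are constructed for illustration.

```python
import re

# Heuristic: modular crypt format ($id$...) or LDAP-style {SCHEME}... values count as hashed.
HASHED = re.compile(r"^(\$[A-Za-z0-9-]+\$.+|\{[A-Za-z0-9-]+\}.+)$")
# Assumption: credential keys end in "secret" or "password"; adjust to the real schema.
SENSITIVE = re.compile(r"(^|[.\-_])(secret|password)$", re.IGNORECASE)
TABLE = re.compile(r"^\s*\[([A-Za-z0-9_.\-]+)\]\s*$")
ASSIGN = re.compile(r'^\s*([A-Za-z0-9_.\-]+)\s*=\s*"((?:[^"\\]|\\.)*)"')

def find_plaintext_secrets(toml_text):
    """Return [(line_no, full_key)] for credential values that are not hashed.

    Simplified line scanner: handles [table] headers and key = "string" pairs only.
    The value itself is never returned, so findings are safe to log.
    """
    findings, table = [], ""
    for line_no, line in enumerate(toml_text.splitlines(), 1):
        header = TABLE.match(line)
        if header:
            table = header.group(1)
            continue
        pair = ASSIGN.match(line)
        if not pair:
            continue
        key = f"{table}.{pair.group(1)}" if table else pair.group(1)
        value = pair.group(2)
        if SENSITIVE.search(key) and value and not HASHED.match(value):
            findings.append((line_no, key))
    return findings

# Constructed sample: state after *setting* the password (hypothetical key names).
SAMPLE_AFTER_SET = '''
[example.fallback-admin]
user = "admin"
secret = "Constructed-Plaintext-1"
'''

# Constructed sample: state after *changing* the password (hash value is made up).
SAMPLE_AFTER_CHANGE = '''
[example.fallback-admin]
user = "admin"
secret = "$6$constructedsalt$constructedhashvalue"
'''

if __name__ == "__main__":
    for name, text in (("after set", SAMPLE_AFTER_SET), ("after change", SAMPLE_AFTER_CHANGE)):
        print(name, find_plaintext_secrets(text))
```

Run against the real config.toml after each way of setting the password, a non-empty result means the file should be treated as containing a live credential and the password rotated.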