[Moin-user] On logging out and hashed passwords

Brian Gallew geek+ at cmu.edu
Sun Feb 13 16:00:11 EST 2005


Actually, there is one very good reason for storing an encrypted version 
of the password: people re-use passwords.  Yes, effectively you end up 
with a new, unencrypted password (that just happens to look like a lot 
of random garbage), but it's highly unlikely that string will match the 
end user's password anywhere else.  OTOH, it's quite likely that the end 
user has two or three passwords they use for personal stuff.  This means 
that getting their "real" password off the wiki might give the attacker 
access to some other resource unrelated to the wiki in question.
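As an added illustration of this point (example code written here, not MoinMoin's own): each site keeps only a salted PBKDF2 digest, so the value an attacker could lift from the wiki's store is neither the user's real password nor usable as one on a second site where that password was reused. The function names, the sample password and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed example: a site stores a random per-record salt plus the
# PBKDF2 digest derived from the password, never the password itself.
ITERATIONS = 100_000  # assumed work factor for the example


def make_record(password: str, salt: bytes = b"") -> dict:
    """Return what a site stores for one user: salt and derived digest (hex)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "digest": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    """Check a login attempt against the stored record (constant-time compare)."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), record["digest"])


def stolen_value_reusable_elsewhere(wiki_record: dict, other_record: dict) -> bool:
    """Simulate someone who obtained the wiki's stored digest and submits that
    string as the password on another site where the user reused the password."""
    return verify(other_record, wiki_record["digest"])


def demo() -> dict:
    reused_password = "correct horse battery staple"  # constructed sample
    wiki = make_record(reused_password)
    mail = make_record(reused_password)  # fresh salt -> different stored digest
    return {
        "wiki_login_ok": verify(wiki, reused_password),
        "stored_value_is_not_password": wiki["digest"] != reused_password,
        "sites_store_different_values": wiki["digest"] != mail["digest"],
        "stolen_wiki_value_works_on_mail": stolen_value_reusable_elsewhere(wiki, mail),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The caveat the post hints at still holds: if a site accepted the stored digest itself as a credential (comparing hash to hash), the digest would be password-equivalent for that one site, which is why it is a "new password" there but not anywhere else.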