I just noticed the default option for the stock User Folder is to not encrypt passwords. Why? Shouldn't any web server that gets exposed to the real world error on the side more security and less convenience?