Any updates on the plaintext password security problem?

I realize this is an old thread, but in case new readers find this thread, this is no longer the case.
There is now support for two different ways of protecting the information in the database.

Encrypting the database fields

The first way is to set the environment variable SETTINGS_ENCRYPTION_KEY. If this is set, all sensitive fields in the database will be encrypted with the given key.
This essentially moves the problem to providing the SETTINGS_ENCRYPTION_KEY, but at least the fields will then not be stored in plaintext in the database.

This approach protects in cases where the configuration database is leaked.

This feature was introduced in v2.0.9.106.

Secret provider

The secret provider is a way to not store secrets on disk, but still have them available. It works by configuring a provider (which can be the OS Keychain or an external provider) and then replacing strings, similar to how environment variables are expanded.

Using this feature also prevents anyone from extracting the secrets from the UI, as they would be placeholders there as well. The secret provider can also be used to provide the SETTINGS_ENCRYPTION_KEY if desired.

This feature was introduced in v2.0.9.109.
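
The placeholder idea from the secret provider description above, as an added sketch that is not the project's own code. The `$name` / `${name}` syntax, the setting names, and the dict standing in for the OS keychain or external provider are all assumptions made for illustration.

```python
import re

# Hypothetical placeholder syntax for this sketch: $name or ${name}.
_PLACEHOLDER = re.compile(r"\$(?:\{([A-Za-z0-9_-]+)\}|([A-Za-z0-9_-]+))")


class MissingSecret(KeyError):
    """Raised when a placeholder has no value in the provider."""


def placeholders(text):
    """List the secret names referenced by a stored setting."""
    return [braced or bare for braced, bare in _PLACEHOLDER.findall(text)]


def resolve(text, provider):
    """Expand placeholders at run time; fail closed on unknown names."""
    def substitute(match):
        name = match.group(1) or match.group(2)
        if name not in provider:
            # Never fall back to the literal placeholder as a credential.
            raise MissingSecret(name)
        return provider[name]
    return _PLACEHOLDER.sub(substitute, text)


def resolve_settings(stored, provider):
    """Return an in-memory copy with secrets expanded; 'stored' is untouched."""
    return {key: resolve(value, provider) for key, value in stored.items()}


def leaked_secrets(stored, provider):
    """Names of provider secrets whose values appear verbatim in stored settings."""
    blob = "\n".join(stored.values())
    return [name for name, value in provider.items() if value in blob]


# Constructed sample: what is persisted, and shown in a UI, holds only placeholders.
STORED = {
    "target-url": "s3://bucket/host1?auth-username=${s3-user}&auth-password=${s3-pass}",
    "passphrase": "$backup-passphrase",
}

# Constructed stand-in for the OS keychain or an external provider.
PROVIDER = {
    "s3-user": "constructed-user",
    "s3-pass": "constructed-secret",
    "backup-passphrase": "constructed-passphrase",
}
```

Running `leaked_secrets` over an export of the stored settings is a quick audit that no real value was saved where a placeholder was intended.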