Comment 3 for bug 1659591

Also agreed about the admin password. We should warn and prompt the user to change it.

In one dimension it's not as bad, because the password is randomly generated, as opposed to something the user has chosen. Hopefully users don't reuse passwords, but I expect they probably do; and storing those on the filesystem would be awful.

OTOH, it's the admin user :)
At one stage we were thinking we should force the user to set a password at bootstrap, which would cause the creation of a macaroon and have the password cleared from disk.