Comment 2 for bug 1279849

Well, it does present a vulnerability in that keystone is "tricked" into storing passwords in plaintext, however users have to take special action to expose themselves (odds are, I'm guessing, knowingly).