Tests use plaintext for password hashing
The tests use plaintext as the password hashing algorithm. This leads to occasional assumptions that passwords will be stored in plaintext and bugs with comparing plaintext passwords. If the plaintext password looks like a hashed one it will compare as a hashed one and fail.
We should switch the tests to use a fast hash like md5 that still gives us a speedup in the tests but removes the temptation to treat them as plain text