User passwords in plain text in the database file

A couple days ago, I built conduit on a FreeBSD 13.0-RELEASE system to test it in a group. It's not using any identity server. Don't know how to get the version of conduit, as --version or --help don't seem to work.

After forgetting my test password, I tried to find out which it was. Opened the database file /var/db/matrix-conduit/conduit_db/conduit.db on a text editor. To my great surprise, I could find my password there in plain text. Not only mine, but of all the other people that have tried to use the server. The password of another user I created and deleted shortly after could also be found.

After connecting to the database, from the sqlite3 cli, I dumped it to a file. The search for plain text passwords returned nothing. Everything was encrypted.

By logic, this seems to indicate that the code saves the passwords in plain text in some table besides saving them encrypted in another place as well. A kind of a log that doesn't get updated, i.e. deleted, when a user is removed.

Don't know if this is important or not for the case, maybe I should open another issue, but it's not possible to do almost anything when logged in, as there are a lot of BAD_JSON messages. The logs show a lot of these messages:

WARN conduit::ruma_wrapper: Deserialization(RequestDeserializationError { inner: Ident(MissingLeadingSigil) })
WARN conduit::error: 400 Bad Request: M_BAD_JSON: Bad json.

I know that conduit is still in development, so, is this something known?