I think that this feature should be at least disabled by default because it's a bad policy even for administrators to view user passwords.
Wanted to point out that some people re-use passwords and having a third party viewing their password could compromise their other accounts.

Comments

Title:Have aes_convert default to falseHave aes_convert default to false - 7.x-1.6 blocker

I would agree with this. I'll put into the next release.

Issue summary:View changes
Status:Active» Closed (duplicate)