minetest / minetest.github.io

Official Minetest website hosted by Github Pages

Home Page: https://www.minetest.net/


Wiki: Plaintext password emailed in confirmation

Jonta opened this issue · comments

commented

Maybe it's a problem, maybe it's not. See https://security.stackexchange.com/questions/61215/the-registration-confirmation-email-contains-my-password-do-they-keep-it-in-pla

If passwords are stored in plaintext: please fix, of course

And if they aren't: please alleviate our worries in that same email. :)

Thanks for notifying, but this should be reported in the forums.
The Minetest repository here does not cover any external web services.

This is done on the MediaWiki side. I don't think we can do much about it, since we'd rather not spend time doing customizations to MediaWiki that would be lost when upgrading.

Passwords are likely not saved in plaintext (the backend likely reuses the password supplied by the user to send in the email confirmation), but I can't guarantee this as I don't have access to the server. In any case, consider using a password manager to use unique passwords on every site 🙂

Yeah, we didn't write the software used - it's the same software used on Wikipedia. Perhaps an update will fix this

commented
  • Someone has access to the database to check, and if it's not: Hooray! Finding and then changing the email text sounds like not a lot of work
  • Passwords aren't supplied by users, as creating an account is done by a mod, after a request in the forum thread
  • Though some of us do use password managers, "everyone does" would be an unreasonable assumption

=)

Sending the password by email when someone else creates the account is intentional and desirable. That's the purpose of the feature. You can change your password afterwards

Ideally, we wouldn't need to create accounts for users. The register form should be fixed to actually work
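
The distinction this thread turns on is that a password appearing in a confirmation email does not by itself show it is stored in plaintext. The sketch below illustrates it as an added example, not part of the original issue and not MediaWiki's code. The `USERS` store, the function names, the email wording and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

USERS = {}               # hypothetical in-memory stand-in for a wiki's user table
PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def create_account(username: str, email: str) -> str:
    """Moderator-created account; returns the one-time confirmation email body."""
    temp_password = secrets.token_urlsafe(12)  # plaintext lives only in this call
    salt = secrets.token_bytes(16)
    USERS[username] = {
        "email": email,
        "salt": salt,
        "hash": _hash(temp_password, salt),  # only the salted hash is persisted
        "must_change": True,                 # the temporary password went through email
    }
    return (
        f"An account '{username}' was created for you.\n"
        f"Temporary password: {temp_password}\n"
        "Only a salted hash of this password is stored; "
        "please change it after your first login.\n"
    )


def check_password(username: str, candidate: str) -> bool:
    user = USERS.get(username)
    if user is None:
        return False
    # Constant-time comparison of the recomputed hash against the stored one.
    return hmac.compare_digest(user["hash"], _hash(candidate, user["salt"]))


def change_password(username: str, old: str, new: str) -> bool:
    """Replaces the emailed temporary password and clears the must-change flag."""
    if not check_password(username, old):
        return False
    salt = secrets.token_bytes(16)
    USERS[username].update(salt=salt, hash=_hash(new, salt), must_change=False)
    return True
```
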