I have been pointed to the fact, that passwords have been transmitted to the user in confirmation emails after login in plaintext. Although I have seen this procedure on many other sites, this could be dangerous. Therefore I have changed the code so that only a "*********" text is transmitted in this case.
Note that credentials sent to a user after a reset of his account by a SuperAdministrator contain a temporary password. This password should immediately be changed after the first login in "Edit Profile" at the top of the page.
By the way: Passwords are hashed using SHA1 and then salted by a random number, before they are stored in the database. It is impossible to reconstruct the password from this hash.