when adding a new user my Seafile-Server sends a welcome mail to the them. I think this can be configured using
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
I like this feature in general but what I find really worrying is the fact that the password the user chose is actually sent in plaintext. When noticing this I was confused and checked the source code for a possibility to turn this off but there is no way to do this except for turning off the whole feature.
As users cannot always rely on their hoster (and anyone else involved in transfer) and mails are sent unencrypted this feels to me to be a security issue. Also users tend to use same passwords in many occasions. The only scenario where I think this is useful is for the reset-password form.
So what I would recommend is to add at least an option field where you can turn off including the password, and make it default.
What do you think? Did I miss something and this is already possible?