Hash root user pass upon installation.
Yesterday while going over some code in a plugin I'm creating I noticed something pretty odd: The installer is not hashing the root accounts password upon creation. gm112 and I have tracked down the problem and have created a patch which is waiting in your pull request queue.
It would be great if you patched this quickly and rolled out a security release.
The Pull request in question is: https://github.com/vanillaforums/Garden/pull/1536