crypt auth - Mailing list pgsql-hackers

From Magnus Hagander
Subject crypt auth
Date
Msg-id 48FC4942.8040206@hagander.net
List pgsql-hackers
I notice our docs have:

   If you are at all concerned about password <quote>sniffing</> attacks then <literal>md5</> is preferred, with <literal>crypt</> to be used only if you must support pre-7.2 clients. Plain <literal>password</> should be avoided especially for


At what point do we just remove the support and say that people need to
upgrade their clients? Sure, it's up to ppl not to configure it that
way, but security-wise it's a foot-gun that I think is completely
unnecessary.

//Magnus
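
An added example, not part of the original message or of PostgreSQL's own code: a small Python check that scans `pg_hba.conf` text for records still using the `crypt` or `password` methods that the quoted documentation warns about. The sample file is constructed, and the parser assumes plain whitespace-separated records with no quoted fields or include directives.

```python
import ipaddress

# Methods the quoted documentation warns about. "password" sends the
# password in clear text; "crypt" is kept only for pre-7.2 clients.
WEAK_METHODS = {
    "password": "clear-text password on the wire",
    "crypt": "legacy method kept only for pre-7.2 clients",
}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def auth_method(fields):
    """Return the auth-method field of one tokenised pg_hba.conf record."""
    if fields[0] == "local":            # local DATABASE USER METHOD
        idx = 3
    elif len(fields) > 5 and _is_ip(fields[4]):
        idx = 5                         # host DB USER IP-ADDRESS IP-MASK METHOD
    else:
        idx = 4                         # host DB USER CIDR-ADDRESS METHOD
    return fields[idx] if len(fields) > idx else None

def audit_hba(text):
    """Return (line_number, method, reason) for records using a weak method."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        method = auth_method(line.split())
        if method in WEAK_METHODS:
            findings.append((lineno, method, WEAK_METHODS[method]))
    return findings

# Constructed sample file, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all       all                        md5
host    all       all   192.0.2.0/24         crypt
host    app       app   192.0.2.10 255.255.255.255 password
hostssl all       all   0.0.0.0/0            md5   # password here is a comment
"""

if __name__ == "__main__":
    for lineno, method, reason in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: {method}: {reason}")
```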

