It looks like commit c0dc7e73f3a47223a3bc215072298cbcbe7d3bc5 changes this. Waiting for RPM updates
Updated to 2014042202.mr and the problem is partially gone. Now i only see the password in clear text when i hover over "SQL Manager". Also, the password was in /usr/local/lxlabs/kloxo/log/hiawatha-access.log earlier and but after this update
Thank you Mustafa for taking immediate action to such security concerns.
Perhaps it time to say the following:
As i might have stated before, coming from cPanel/WHM, i was initially intrigued by Kloxo-MR for it's support for Nginx/proxy etc.
I gave it a try and i started to like it a lot since it's userfriendly and flexibility is huge, but at the same time at the cost of some simplicity offered by e.g cPanel.
Now i've invested a lot of time to learn and get things right and Mustafa is assisting very good so it's a good sign Kloxo-MR will have a good future.
One more thing i'd like to point out is that Kloxo-MR should strive to be PCI DSS compatible like cPanel/WHM hosters (of course there are other things that have to comply except the panel it self).
I urge everyone here to support this project by donating a small amount monthly. I've started, but after getting rid of cPanel, i'll regularly support this project.
Again, thank you Mustafa for you great work.