The password remind functions require access to plain text passwords, additionally, other plugins may need access to such information. For this reason, passwords are saved plain text within the database.

This should not normally pose a problem, but it can be if your database is compromised.

While we're on this subject, we should point out that GenieGate does not require an SSL login nor does it encrypt passwords when sending out password reminders in email. For this reason, HTTP authentication, non-SSL connections (particularly logins) and password reminders should be disabled if GenieGate is to be used for securing critical information.

In general, I would take special precautions before using this package for applications demanding high security. (such as disabling password resend)