When i logged in today, and misstyped pass, it told me that user name or pass was wrong, but what was strange, is that it showed long numbers, that are something like

e5sg545qfx53r jkls... eq 4rfaa454s .....

to me it looks like it actually displayed encoded pass(sha1 or something), that i typed, and the one that is in database, that it tryed to match (word EQ hints on that).

I just thought i would mention because this might me potentially security risk, from what i learn. Not sure if that's meant to be there, but i don't thing it's good idea to show encoded pass, which is stored in databse, to everyone.