I was going through the code and found that the LdapPrincipal is now storing the user's
password.  This is an immense security risk!  Why would we do such a thing? 

Alex