You can provide your own hash, and a quick source check reveals that plaintext is being converted into a hash client-side, so only hashed data is being sent to the server.

I think it'd be best to provide people with a simple way to generate their hash with a well-known tool they already trust - eg, an openssl command.

For the record, on a Mac, save your password in a text file called password, without a return at the end of the line. Then:

openssl dgst -sha1 password

will give you the hash you need. Mine has been leaked but not cracked, according to this site :-(.

Or...

   echo -n "password" | openssl dgst -sha1

'password' was actually in use - go figure.

Not necessarily a bad security practice. If you want a throwaway account for whatever reason, then why increase your cognitive load by coming up with a good password?

So was mypassword and others. Oh well.

As is

    ********

All I see is hunter2

Not like they couldn't save it as a variable if they wanted. That's just what you see in the UI.