rsaauth should not send hashed password hash to formengine
Currently, the hashed password is transmitted to the browser, when a beuser is edited.
This is necessary, as otherwise the current password would be overwritten.
In my opinion it is a bad practice to send (even a hashed) password around. Data should only flow in one direction, from the browser to the server.