The cookie exchange doesn't bring the password all the way back, starting from _bakery_register_submit().
Name and mail are stashed in $_SESSION for the slave to potentially refer to later. The easiest solution would involve this, but we might not want plain text passwords laying around $_SESSION. Otherwise, it would have to be carried through the two key exchanges.
Or, we could not send the password in email and rely on the login URL. I like this since passwords in email are not great. We could change the email content on enable/update if it is the default, or alert the user if it contains !password.
Closed: outdated
2.0
Documentation
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.