Mod wp-smtp-mail stores the admin or other email account login for the SMTP server in plain text in wp-admin
This is a major security breach on any multi-author site, whether or not a single install or WPMU - passwords should never be visible after saving
