I think a change needs to be made to the Openfire admin console, for security reasons. The LDAP admin password is displayed in plain text. It should be masked out. I realize that you need to have openfire admin privileges to view that page, but once the page is accessed anyone walking by could read the value from a screen. or browser cache could be used to view it. Security of my network is of utmost importance.

I am going to create a jira issue for this too.