what is unsafe with user information gathering is unsalted encryption
it is too easy for admin to take your non salted encryption and run it thru decryption, i know admin could already just take funds but people often use same passwords elsewhere (fools)