Is twtxt.net setup to hash user’s passwords and emails? You have the ability for users to retrieve passwords but you mention you don’t keep emails. I’m curious as I have just realized that the ejabberd server I setup stores passwords as plain text and I need to research this more.
Passwords are encrypted with scrypt.
Emails are not stored, only a hash is. If you need to recover your account for any reason (password reset) you must supply the same email used on signup, if the hash matches the backend will happily send a reset token.