I am not happy with this phrase:
"MySQL passwords cannot be decrypted easily, so there's no chance
for a normal user to look at other users' plaintext passwords."
This phrase could make someone believe that with phpMyAdmin in advanced auth, normal users can have
a look at encrypted passwords, which is not true.
If config.inc.php3 is properly protected (as explained in the doc), users can't even see the stduser
password.
Maybe we should remove this phrase, and add something telling the sysadmin to put PHP in safe mode
after:
"Your config.inc.php3 file should be chmod 660"
Marc