Agreed, this is no bug. This is a functionality that was implemented in a time when password security was not even thought about in any serious way.
The fact that the new version no longer uses this functionality means the developers have wisened up.
The fact that said new version is brand new means nobody worried about it before 2018 - which is way too late in my opinion.