I've noticed that there are some security issues with this. Such as the password hint. I have found that in the beta we are testing in for Moongamers it stores everyones password hints. I also noticed that it stores peoples passwords in hash format.

Nothing password related is stored server side.

As for the client an individual could simply attempt to connect and hit "hint" and attain the same info.

As for the stored passwords, where are you seeing those?

When we first started testing someone told me my exact password hint I had, and also the hashed password I had. It wasn't my password that I had, but it was shown in hash format. I checked the MohawkClientLog.txt in my Mohawk folder, and he was right on. In the passwordhint= section it had my password hint, and in the password= section was my password in hash format. I was also able to view a few others hashed passwords as well.

So you sent this person your Log file?

No. He checked his own log file, and told me what it was showing for me.