libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.