A mailing-list manager should not allow users to pick their own passwords. It should force them to use randomly-generated ones like TnPBxSnL8dQBcPzH or wNJNpnaUrswq4Zy8 and then write them down.
This pretty much eliminates passwords on the mailing-list site being used to exploit other sites and vice-versa.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds