As I understand it from the write-up (and a brief look at the source seems to confirm that), Mailman 3.0 does encrypt passwords by default and does not mail them out any longer.

It is stored in unicode because that's what passlib hash algorithms return, not because there's an underlying plaintext representation.

It hashes password.

Encrypting them indicates there's a way to decrypt them. Hashing, by definition, is not possible (not practical, really).

If there are better mailing list software, what are they?

Sorry, I couldn't resist. Look on that 'user' table! Does anyone have a copy of lists.mozilla.org? hehe

Can you help me understand the issue you see here?