[mercuti0]

No, it's only the worst-case scenario for you. The worst-case scenario for the users (your customers) is their password exposed. They don't care about your server.

[nyellin]

Again, it's not a private password if they chose to share it with a group.

[JangoSteve]

What if the group is that person and their dad, and they don't care if their dad knows the password to their gmail?

[nyellin]

By definition, there is no point in having an anonymous conversation with your dad, because it wouldn't be anonymous. Right now, we're seeing freeversation used with much larger groups of people, where guessing which email matches the password is impractical, even if someone does reuse a password.