Voting starts in March for the Drupal Association Board election.
I know how it feels for someone to come into your issue queue and open a critical task, but this is security-related so I feel there is no other way to categorize it.
Using AES passwords is definitely a use-case that this module should support but enabling that feature should be a conscious decision by the administrator. Anyone who has access to the database and the AES key (which is in the database by default!) will be able to decrypt any user's password. Again, this can be a useful feature for certain use-cases but in other cases this can be considered a security infringement.
Therefore this feature should be disabled.
Attached patch does so.